[Snort-sigs] Snort Subscriber Rules Update 2016-04-12

Research research at ...435...
Tue Apr 12 15:34:28 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-037:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38465 through 38470,
38491 through 38492, and 38503 through 38508.

Microsoft Security Bulletin MS16-038:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38473 through 38474,
38479 through 38480, and 38483 through 38486.

Microsoft Security Bulletin MS16-039:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38459 through 38460,
38487 through 38488, and 38493 through 38494.

Microsoft Security Bulletin MS16-040:
A coding deficiency exists in Microsoft XML Core Service that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38463 through 38464.

Microsoft Security Bulletin MS16-041:
A coding deficiency exists in the Microsoft .NET Framework that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38469 through 38470.

Microsoft Security Bulletin MS16-042:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36751 through 36752,
38471 through 38472, 38481 through 38482, and 38495 through 38496.

Microsoft Security Bulletin MS16-044:
A coding deficiency exists in Microsoft Windows OLE that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38489 through 38490.

Microsoft Security Bulletin MS16-046:
A coding deficiency exists in Microsoft Secondary Logon that may lead
to an escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 38458.

Microsoft Security Bulletin MS16-047:
A coding deficiency exists in Microsoft SAM and LSAD Remote Protocols
that may lead to a downgrade attack.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 38462.

Microsoft Security Bulletin MS16-048:
A coding deficiency exists in Microsoft CSRSS that may lead to a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38475 through 38476.

Talos has added and modified multiple rules in the browser-ie,
browser-plugins, exploit-kit, file-office, file-other and os-windows
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFXDU3Es9U0LCYEKaARAncWAJ9A5TaRzR7s63zpJnioxY8bqSEzwwCg0naY
d3YEXvNs28vok71erGqf8vU=
=VC8W
-----END PGP SIGNATURE-----




