[Snort-sigs] Snort Subscriber Rules Update 2016-02-09

Research research at ...435...
Tue Feb 9 15:04:55 EST 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-009:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37553 through 37554,
37571 through 37574, 37581 through 37582, 37596 through 37597, 37602
through 37605, and 37616 through 37617.

Microsoft Security Bulletin MS16-011:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 36986 through 36987.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 37575
through 37576, and 37608 through 37615.

Microsoft Security Bulletin MS16-012:
A coding deficiency exists in the Microsoft Windows PDF library that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37565 through 37566
and 37594 through 37595.

Microsoft Security Bulletin MS16-013:
A coding deficiency exists in Microsoft Windows Journal that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37577 through 37578.

Microsoft Security Bulletin MS16-014:
A coding deficiency exists in Microsoft Windows that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37555 through 37558,
37567 through 37570, and 37588 through 37591.

Microsoft Security Bulletin MS16-015:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37559 through 37564,
37579 through 37580, 37592 through 37593, 37598 through 37601, and
37606 through 37607.

Microsoft Security Bulletin MS16-016:
A coding deficiency exists in Microsoft WebDAV that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37586 through 37587.

Microsoft Security Bulletin MS16-018:
A coding deficiency exists in a Microsoft Windows kernel-mode driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 37584 through 37585.

Talos has added and modified multiple rules in the browser-ie,
file-identify, file-image, file-office, file-other, file-pdf,
indicator-shellcode, malware-cnc, os-windows, pua-adware and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFWukZns9U0LCYEKaARAiMOAJ472yisuqo4QgFnDXjbFhlRlDxBYACZAcbJ
MRw/wkQ8odDbOrwwIdn900o=
=Z5Q8
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list