[Snort-sigs] Snort Subscriber Rules Update 2016-03-08

Research research at ...435...
Tue Mar 8 13:27:40 EST 2016


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-023:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38065 through 38070,
38081 through 38082, 38085 through 38086, 38088 through 38091, 38094
through 38099, 38108 through 38109, 38112 through 38113, 38117 through
38118, and 38122 through 38123.

Microsoft Security Bulletin MS16-024:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 37279 through 37280.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 38106
through 38107.

Microsoft Security Bulletin MS16-026:
A coding deficiency exists in Microsoft Graphic Fonts that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38063 through 38064.

Microsoft Security Bulletin MS16-027:
A coding deficiency exists in Microsoft Windows Media Player that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38079 through 38080
and 38124 through 38125.

Microsoft Security Bulletin MS16-028:
A coding deficiency exists in Microsoft Windows PDF Library that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38073 through 38078.

Microsoft Security Bulletin MS16-029:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38100 through 38101
and 38126 through 38129.

Microsoft Security Bulletin MS16-030:
A coding deficiency exists in Microsoft Windows OLE that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38110 through 38111.

Microsoft Security Bulletin MS16-031:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38092 through 38093.

Microsoft Security Bulletin MS16-032:
A coding deficiency exists in Microsoft Secondary Logon that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38114 through 38115.

Microsoft Security Bulletin MS16-034:
A coding deficiency exists in Microsoft Kernel Mode Drivers that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 38061 through 38062,
38071 through 38072, 38083 through 38084, and 38119 through 38120.

Talos has also added and modified multiple rules in the browser-ie,
exploit-kit, file-multimedia, file-office, file-other,
indicator-obfuscation, malware-cnc and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories