[Snort-sigs] Snort Subscriber Rules Update 2016-10-11

Research research at ...435...
Tue Oct 11 15:18:11 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-118:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40364 through 40365,
40372 through 40375, 40378 through 40379, 40385 through 40386, 40396
through 40397, and 40420 through 40421.

Microsoft Security Bulletin MS16-119:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40366 through 40367,
40370 through 40371, 40383 through 40384, 40404 through 40405, 40420
through 40421, and 40423 through 40424.

Microsoft Security Bulletin MS16-120:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 39824 through 39825.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 40408
through 40411 and 40425 through 40428.

Microsoft Security Bulletin MS16-121:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40368 through 40369.

Microsoft Security Bulletin MS16-123:
A coding deficiency exists in a Microsoft Kernel mode driver that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40376 through 40377,
40380 through 40381, 40392 through 40393, and 40418 through 40419.

Microsoft Security Bulletin MS16-124:
A coding deficiency exists in a Microsoft Windows Registry that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40394 through 40395,
40400 through 40403, and 40412 through 40413.

Microsoft Security Bulletin MS16-125:
A coding deficiency exists in a Microsoft Diagnostic Hub that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40398 through 40399.

Microsoft Security Bulletin MS16-126:
Microsoft Internet Explorer suffers from programming errors that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40364 through 40365.

Talos also has added and modified multiple rules in the
browser-firefox, browser-ie, browser-other, browser-plugins, deleted,
exploit-kit, file-flash, file-identify, file-office, file-other,
file-pdf, indicator-compromise, malware-cnc, os-windows, protocol-dns,
protocol-ftp, server-apache and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlf9OvIACgkQs9U0LCYEKaCtxgCgwsBveVoEa1Y8eukVn8j6UuLr
WGsAn0tiXUC0t4MqYaNMKLYF+Qozeafi
=QKXB
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list