[Snort-sigs] Snort Subscriber Rules Update 2017-12-12

Research research at sourcefire.com
Tue Dec 12 17:05:56 EST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2017-11885:
A coding deficiency exists in Windows RRAS Service that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45130 through 45131.

Microsoft Vulnerability CVE-2017-11886:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 37283 through 37284.

Microsoft Vulnerability CVE-2017-11888:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2017-11889:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 42749 through 42750.

Microsoft Vulnerability CVE-2017-11890:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45138 through 45139.

Microsoft Vulnerability CVE-2017-11893:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45162 through 45163.

Microsoft Vulnerability CVE-2017-11894:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45140 through 45141.

Microsoft Vulnerability CVE-2017-11895:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2017-11901:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45144 through 45145.

Microsoft Vulnerability CVE-2017-11903:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45146 through 45147.

Microsoft Vulnerability CVE-2017-11907:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45148 through 45149.

Microsoft Vulnerability CVE-2017-11909:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45150 through 45151.

Microsoft Vulnerability CVE-2017-11911:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45155 through 45156.

Microsoft Vulnerability CVE-2017-11913:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40132 through 40133.

Microsoft Vulnerability CVE-2017-11914:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45128 through 45129.

Microsoft Vulnerability CVE-2017-11916:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45169 through 45170.

Microsoft Vulnerability CVE-2017-11918:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45160 through 45161.

Microsoft Vulnerability CVE-2017-11930:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45167 through 45168.

Microsoft Vulnerability CVE-2017-11935:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45123 through 45124.

Microsoft Vulnerability CVE-2017-11937:
A coding deficiency exists in Microsoft Malware Protection Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45152 through 45153.

Talos also has added and modified multiple rules in the
browser-firefox, browser-ie, browser-plugins, file-multimedia,
file-office, file-other, file-pdf, indicator-compromise, os-windows,
policy-other, protocol-snmp and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJaMFLCAAoJEPE/nha8pb+ti5AP+weMmk5TLG2JglDAGXtb1t8O
YLmaORreeAaU/QDBzIxFE/ve1fv6NwSK5HaXMUcAXsDMVECSKB+5wUplwQRqgj18
Y8u1JPhxn5u2XDgGDJQbFdAdEQmQXL5C/BJDi8KR4LMA0+d+0MD+P2OH91O0VQUC
O2kAERCwwDBIbl1RYIOM9+SxQ+CEbxIPm+Cs4q4wqXymC6ZxdswAKoGMOpl6yuaE
6q+h9QhbsiScPBy50XbqP7ZacR8gpa+TQP5JP0GFdVxPPyYjAbmhpg0zRqWF3wHZ
gkyTID1zLBjw1sRGTMsFfwTDjA+3Ik5ernwP7onhxDcrRj0X/AkpYn8vfk3W/pZb
99qzGlUI6FCAS0/P5tVjs9IgdvRB0k5VocdENUg7YS3JwLJ66fGhfobqAQhbvbIa
ULUWVpzqa4j9GWGjcAuIdOVfvgyKSrVequ9wznM696eAVvCsKkXoi8GmE1Ty0JZt
PQSwnTpFjQaoFBu+ehqiFLuCSTmwfIC9eARXhRw5W8piIM8kFksJd/9Ywn11WIpm
0/e4u+58nUt/Jo4axlMFu3ukmdWrig8aK82CQgY2bKzAb4S0F9jHKUbs+r2RA1+q
liPivv8L9dKUYIeqtXiHDqUgxcuAM+t5zsRQv6D51G3w10RB6CvPnjwH35ht+sd5
UBLFeS4SqJAcgS2UCy5c
=bfXO
-----END PGP SIGNATURE-----



More information about the Snort-sigs mailing list