[Snort-sigs] Snort Subscriber Rules Update 2017-06-13

Andrew signa.inferre at gmail.com
Tue Jun 13 15:11:26 EDT 2017


Is there an SID for the Platinum hacking group issue yet?

http://securityaffairs.co/wordpress/59876/hacking/platinum-hackers-amt.html

On Tue, Jun 13, 2017 at 1:59 PM, Research <research at sourcefire.com> wrote:

> Talos Snort Subscriber Rules Update
>
> Synopsis:
> Talos is aware of vulnerabilities affecting products from Microsoft
> Corporation.
>
> Details:
> Microsoft Vulnerability CVE-2017-0215:
> A coding deficiency exists in Microsoft Device Guard Code Integrity
> Policy that may lead to a security feature bypass.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43157 through 43158.
>
> Microsoft Vulnerability CVE-2017-8464:
> A coding deficiency exists in Microsoft LNK that may lead to remote
> code execution.
>
> Previously released rules will detect attacks targeting these
> vulnerabilities and have been updated with the appropriate reference
> information. They are also included in this release and are identified
> with GID 1, SIDs 17042 and 24500.
>
> Microsoft Vulnerability CVE-2017-8465:
> A coding deficiency exists in Microsoft Win32k that may lead to an
> escalation of privilege.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43173 through 43174.
>
> Microsoft Vulnerability CVE-2017-8466:
> A coding deficiency exists in Microsoft Windows Cursor that may lead to
> an escalation of privilege.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43173 through 43174.
>
> Microsoft Vulnerability CVE-2017-8468:
> A coding deficiency exists in Microsoft Win32k that may lead to an
> escalation of privilege.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43173 through 43174.
>
> Microsoft Vulnerability CVE-2017-8496:
> Microsoft Edge suffers from programming errors that may lead to remote
> code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43165 through 43166.
>
> Microsoft Vulnerability CVE-2017-8497:
> Microsoft Edge suffers from programming errors that may lead to remote
> code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43169 through 43170.
>
> Microsoft Vulnerability CVE-2017-8509:
> A coding deficiency exists in Microsoft Office that may lead to remote
> code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43159 through 43160.
>
> Microsoft Vulnerability CVE-2017-8510:
> A coding deficiency exists in Microsoft Office that may lead to remote
> code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43171 through 43172.
>
> Microsoft Vulnerability CVE-2017-8524:
> A coding deficiency exists in Microsoft Scripting Engine that may lead
> to remote code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43163 through 43164.
>
> Microsoft Vulnerability CVE-2017-8529:
> Microsoft Edge and Microsoft Internet Explorer suffer from programming
> errors that may lead to information disclosure.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43161 through 43162.
>
> Microsoft Vulnerability CVE-2017-8543:
> A coding deficiency exists in Microsoft Windows Search that may lead to
> remote code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43175 through 43176.
>
> Microsoft Vulnerability CVE-2017-8547:
> Microsoft Internet Explorer suffers from programming errors that may
> lead to remote code execution.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 1, SIDs 43155 through 43156.
>
> Talos has also added and modified multiple rules in the blacklist,
> browser-ie, file-office, file-other, file-pdf, malware-cnc, os-windows,
> policy-other, protocol-scada and server-webapp rule sets to provide
> coverage for emerging threats from these technologies.
>
>
> For a complete list of new and modified rules please see:
>
> https://www.snort.org/advisories