[Snort-sigs] Snort Subscriber Rules Update 2018-12-12

Research research at sourcefire.com
Wed Dec 12 12:57:16 EST 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-8583:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48515 through 48516.

Microsoft Vulnerability CVE-2018-8617:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2018-8618:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48509 through 48510.

Microsoft Vulnerability CVE-2018-8619:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48531 through 48532.

Microsoft Vulnerability CVE-2018-8624:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48517 through 48518.

Microsoft Vulnerability CVE-2018-8629:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48513 through 48514.

Microsoft Vulnerability CVE-2018-8631:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48533 through 48534.

Microsoft Vulnerability CVE-2018-8634:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 48519 through 48520.

Cisco Talos would like to thank Symantec and the Cyber Threat Alliance
for working with us to protect our users from Seedworm, rules are
identified with GID 1, SIDs 48559 through 48562.

Talos also has added and modified multiple rules in the  and  rule sets
to provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJcEUv6AAoJEPE/nha8pb+ttvAP/iFDrcvyHp6JAPlvZxUpu1kP
+zxUghP0vo340ks11GRTcY7cQxf0DV88uGd85BHymoqPZjfda0mlElcFmjRohu2f
BDeNeimuDp00LA/hYF2E/9XoqcDuImYLMiYee8vb/C6rkr//bNcMKBAxHvlJkwcW
tjm7Oy2aWxM8EoQ/GcoyDX5TAFqm4WmkxVd66Hxgge8tQDhC7S+BMNQTJOo4zq/u
GccKUkNRsAHeIwNoqgqXk6rEpjotzX7v/wll6q6Zklys/0j7lA3RbPgRzsxjz8qQ
yG7Vy/5jNvYB2hh5SmXtTzVZKN0sbbqrHQfIiKhZ8yvnARshXQt31oYS5QOz2jI6
OtgEpw6qp4bpbA3voRk9y58EttjjFs0sSwg5N9wHpcjcgjsR54t5asTphAI4F9ou
Shkh11Pne1CV4MQ5XLcl8To4lGBCuTED6DcNYccZYRc5tk7SGvs+r2S4StUMkPyH
uS2MQpK0xtk4L6H6CdCpLHeffAk4nGSdnMT/iOpNzF0E/o1e8iet1FOZvIrkD6Te
NhsDVttLtHSZke7bVyoS9CmAV4NJWx7SYK2ypGgxL9rjT5dnLse7ds7jltDUDE6o
L8EOgINPh9QbN05OuwSGG95H5r3ZjnRruI8XUOVdaH9Cj9ebxoykNUDb1dB+dv4+
ChVAvDk1hVhknHchvke5
=O0Iw
-----END PGP SIGNATURE-----



More information about the Snort-sigs mailing list