[Snort-sigs] Snort Subscriber Rules Update 2019-02-12

Research research at sourcefire.com
Tue Feb 12 14:24:35 EST 2019


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2019-0590:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49128 through 49129.

Microsoft Vulnerability CVE-2019-0591:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49134 through 49135.

Microsoft Vulnerability CVE-2019-0593:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49130 through 49131.

Microsoft Vulnerability CVE-2019-0606:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49144 through 49145.

Microsoft Vulnerability CVE-2019-0607:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49149 through 49150.

Microsoft Vulnerability CVE-2019-0610:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49140 through 49141.

Microsoft Vulnerability CVE-2019-0621:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49172 through 49173.

Microsoft Vulnerability CVE-2019-0628:
A coding deficiency exists in Microsoft Win32k that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49180 through 49181.

Microsoft Vulnerability CVE-2019-0630:
A coding deficiency exists in Microsoft SMB that may lead to remote
code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 49146.

Microsoft Vulnerability CVE-2019-0633:
A coding deficiency exists in Microsoft SMB that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49174 through 49177.

Microsoft Vulnerability CVE-2019-0636:
A coding deficiency exists in Microsoft Windows that may lead to
information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 48799 through 48800.

Microsoft Vulnerability CVE-2019-0640:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49153 through 49154.

Microsoft Vulnerability CVE-2019-0642:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49169 through 49170.

Microsoft Vulnerability CVE-2019-0644:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49151 through 49152.

Microsoft Vulnerability CVE-2019-0645:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49142 through 49143.

Microsoft Vulnerability CVE-2019-0648:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49157 through 49158.

Microsoft Vulnerability CVE-2019-0650:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49147 through 49148.

Microsoft Vulnerability CVE-2019-0651:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49138 through 49139.

Microsoft Vulnerability CVE-2019-0652:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49136 through 49137.

Microsoft Vulnerability CVE-2019-0655:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49167 through 49168.

Microsoft Vulnerability CVE-2019-0656:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49159 through 49160.

Microsoft Vulnerability CVE-2019-0658:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49165 through 49166.

Microsoft Vulnerability CVE-2019-0661:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49161 through 49162.

Microsoft Vulnerability CVE-2019-0669:
A coding deficiency exists in Microsoft Excel that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49132 through 49133.

Microsoft Vulnerability CVE-2019-0676:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 49155 through 49156.

Talos also has added and modified multiple rules in the browser-ie,
file-office, file-other, file-pdf, indicator-compromise, malware-cnc
and server-webapp rule sets to provide coverage for emerging threats
from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories