Snort mailing list archives
Sourcefire VRT Certified Snort Rules Update 2015-03-10
From: Research <research () sourcefire com>
Date: Tue, 10 Mar 2015 19:35:50 GMT
Sourcefire VRT Certified Snort Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Security Bulletin MS15-018:
Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33287 through 33288, 33707 through 33710, 33718 through 33721, 33726 through 33727, 33730 through 33731, 33736 through 33739, 33741 through 33744, and 33763 through 33764.

Microsoft Security Bulletin MS15-020:
A coding deficiency exists in Microsoft Windows Shell that may lead to remote code execution. A previously released rule will detect attacks targeting these vulnerabilities and has been updated with the appropriate reference information. It is included in this release and is identified with GID 1, SID 17042. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 33775 through 33776.

Microsoft Security Bulletin MS15-021:
A coding deficiency exists in the Adobe Font Driver that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33711 through 33714, 33722 through 33725, 33728 through 33729, and 33732 through 33733.

Microsoft Security Bulletin MS15-022:
A coding deficiency exists in Microsoft Office that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33705 through 33706, 33715 through 33716, 33734 through 33735, and 33808 through 33809.

Microsoft Security Bulletin MS15-023:
A coding deficiency exists in a Microsoft Kernel Mode driver that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33765 through 33770.

Microsoft Security Bulletin MS15-024:
A coding deficiency exists in Microsoft PNG image processing that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33760 through 33761.

Microsoft Security Bulletin MS15-025:
A coding deficiency exists in the Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33773 through 33774.

Microsoft Security Bulletin MS15-026:
A coding deficiency exists in Microsoft Exchange Server that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33762, 33807, and 33810 through 33811.

Microsoft Security Bulletin MS15-027:
A coding deficiency exists in Microsoft Netlogon that may allow spoofing attacks. A previously released rule will detect attacks targeting this vulnerability and has been updated with the appropriate reference information. It is included in this release and is identified with GID 3, SID 15453.

Microsoft Security Bulletin MS15-028:
A coding deficiency exists in the Microsoft Task Scheduler that may allow a security feature bypass. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 33717.

Microsoft Security Bulletin MS15-029:
A coding deficiency exists in a Microsoft graphics component that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33771 through 33772.

Microsoft Security Bulletin MS15-030:
A coding deficiency exists in Microsoft Remote Desktop protocol that may lead to a Denial of Service (DoS). A previously released rule will detect attacks targeting these vulnerabilities and has been updated with the appropriate reference information. It is included in this release and is identified with GID 1, SID 21232.

Microsoft Security Bulletin MS15-031:
A coding deficiency exists in Microsoft Schannel that may allow a security feature bypass. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 33777 through 33806.

Talos has added and modified multiple rules in the blacklist, browser-ie, file-image, file-office, file-other, malware-cnc, malware-other, os-windows, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories
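To confirm that a sensor actually carries the coverage listed in this advisory, the following added example (not part of the original message and not Snort or Talos tooling) expands the "N through M" SID ranges into explicit GID:SID pairs per bulletin and compares them with the active rules in a rule file. The advisory excerpt and the rule lines are constructed samples, and the function names are illustrative.

```python
import re

BULLETIN = re.compile(r"Microsoft Security Bulletin (MS\d{2}-\d{3}):")
ID_LIST = re.compile(r"GID\s+(\d+),\s+SIDs?\s+((?:\d+|through|and|[,\s])+)")
ITEM = re.compile(r"(\d+)(?:\s+through\s+(\d+))?")

# Constructed excerpt that reuses the advisory's wording for three bulletins.
ADVISORY = """\
Microsoft Security Bulletin MS15-020: ... is identified with GID 1, SID 17042.
New rules ... are identified with GID 1, SIDs 33775 through 33776.
Microsoft Security Bulletin MS15-026: ... GID 1, SIDs 33762, 33807, and
33810 through 33811.
Microsoft Security Bulletin MS15-027: ... is identified with GID 3, SID 15453.
"""
# Constructed rule lines (placeholder headers and messages, not real rule bodies).
RULES = """\
alert tcp any any -> any any (msg:"constructed sample"; sid:33775; rev:1;)
# alert tcp any any -> any any (msg:"constructed sample"; sid:33776; rev:1;)
alert tcp any any -> any any (msg:"constructed sample"; sid:17042; rev:2;)
alert tcp any any -> any any (msg:"constructed sample"; gid:3; sid:15453; rev:2;)
"""

def parse_advisory(text):
    """Map bulletin id -> sorted (gid, sid) pairs, expanding 'N through M'."""
    parts = BULLETIN.split(text)[1:]            # [id, body, id, body, ...]
    coverage = {}
    for bulletin, body in zip(parts[0::2], parts[1::2]):
        ids = set()
        for gid, id_list in ID_LIST.findall(body):
            for lo, hi in ITEM.findall(id_list):
                ids.update((int(gid), s) for s in range(int(lo), int(hi or lo) + 1))
        coverage[bulletin] = sorted(ids)
    return coverage

def loaded_ids(rules_text):
    """(gid, sid) of every active rule; gid defaults to 1 when the rule sets none."""
    ids = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):       # commented-out rule = disabled
            continue
        sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
        gid = re.search(r"\bgid:\s*(\d+)\s*;", line)
        if sid:
            ids.add((int(gid.group(1)) if gid else 1, int(sid.group(1))))
    return ids

def missing(coverage, loaded):
    """Bulletin -> advisory ids with no active rule in the local set."""
    gaps = {b: [i for i in ids if i not in loaded] for b, ids in coverage.items()}
    return {b: g for b, g in gaps.items() if g}

if __name__ == "__main__":
    print(missing(parse_advisory(ADVISORY), loaded_ids(RULES)))
```

A rule that is present but commented out counts as missing here, which is the case worth catching after a rules update that ships new SIDs disabled by policy.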