Snort mailing list archives

Snort Subscriber Rules Update 2015-12-08


From: Research <research () sourcefire com>
Date: Tue, 8 Dec 2015 22:07:17 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS15-124:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 36917
through 36923, 36926 through 36929, 36934 through 36951, 36954 through
36957, 36962 through 36963, 36968 through 36969, 36978 through 36983,
36986 through 36988, 36991 through 36992, 37003 through 37004, and
37009 through 37010.

Microsoft Security Bulletin MS15-125:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 36917,
36932 through 36933, 36942 through 36943, 36950 through 36951, and
36984 through 36985.

Microsoft Security Bulletin MS15-126:
A coding deficiency exists in Microsoft JScript and VBScript that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36922 through 36923.

Microsoft Security Bulletin MS15-128:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36964 through 36967.

Microsoft Security Bulletin MS15-129:
A coding deficiency exists in Microsoft Silverlight that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36997 through 36998.

Microsoft Security Bulletin MS15-130:
A coding deficiency exists in Microsoft Uniscribe that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36952 through 36953.

Microsoft Security Bulletin MS15-131:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36924 through 36925,
36958 through 36961, 36974 through 36975, and 37011 through 37013.

Microsoft Security Bulletin MS15-132:
A coding deficiency exists in Microsoft Windows that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36930 through 36931,
36993 through 36996, and 36999 through 37002.

Microsoft Security Bulletin MS15-134:
A coding deficiency exists in Microsoft Media Center that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 36972 through 36973.

Microsoft Security Bulletin MS15-135:
A coding deficiency exists in a Microsoft Kernel mode driver that may
lead to an escalation of privilege.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 35149 through 35150.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 36970 through
36971, 36976 through 36977, and 36989 through 36990.

Talos has added and modified multiple rules in the browser-ie,
browser-plugins, deleted, file-office, file-other, malware-cnc and
policy-other rule sets to provide coverage for emerging threats from
these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

