Snort mailing list archives
Snort Subscriber Rules Update 2016-09-13
From: Research <research () sourcefire com>
Date: Tue, 13 Sep 2016 18:23:36 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Security Bulletin MS16-104: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40073 through 40074, 40077 through 40078, 40084 through 40095, 40108 through 40109, 40132 through 40133, and 40146. Microsoft Security Bulletin MS16-105: A coding deficiency exists in Microsoft Exchange that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40073 through 40074, 40098 through 40101, 40108 through 40109, 40123 through 40124, and 40134 through 40141. Microsoft Security Bulletin MS16-106: A coding deficiency exists in Microsoft Graphics Component that may lead to remove code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40096 through 40097 and 40112 through 40113. Microsoft Security Bulletin MS16-107: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40075 through 40076, 40079 through 40080, 40082 through 40083, 40102 through 40107, 40116 through 40117, 40121 through 40122, 40142 through 40143, and 40147 through 40148. Microsoft Security Bulletin MS16-110: A coding deficiency exists in Microsoft Windows that may lead to remote code execution. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 40129. Microsoft Security Bulletin MS16-111: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40110 through 40111, 40114 through 40115, and 40127 through 40128. Microsoft Security Bulletin MS16-115: A coding deficiency exists in Microsoft Windows PDF library that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40144 through 40145. Microsoft Security Bulletin MS16-116: A coding deficiency exists in Microsoft OLE Automation VBScript Scripting Engine that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40149 through 40150. Talos has added and modified multiple rules in the blacklist, browser-ie, deleted, file-identify, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-scan, malware-cnc, os-other, os-windows, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlfYRCcACgkQs9U0LCYEKaCk7gCg186ta8cBxbndJchRTgDqrEeT gEgAoNEXgS6jATi5hDW+q6tHW8paTiob =H4h4 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort Subscriber Rules Update 2016-09-13 Research (Sep 13)
- <Possible follow-ups>
- Snort Subscriber Rules Update 2016-09-13 Research (Sep 13)