Snort mailing list archives
Snort Subscriber Rules Update 2017-03-14
From: Research <research () sourcefire com>
Date: Tue, 14 Mar 2017 20:16:31 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Security Bulletin MS17-006: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41575 through 41576, 41585 through 41590, and 41625 through 41626. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41954 through 41957. Microsoft Security Bulletin MS17-007: Microsoft Edge suffers from programming errors that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41553 through 41554, 41557 through 41562, 41573 through 41574, 41583 through 41584, 41593 through 41594, 41605 through 41606, and 41625 through 41626. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41936 through 41939, 41942 through 41945, 41948 through 41953, 41958 through 41959, 41968 through 41969, and 41987 through 41988. Microsoft Security Bulletin MS17-009: A coding deficiency exists in Microsoft Windows PDF Library that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41601 through 41602. Microsoft Security Bulletin MS17-010: A coding deficiency exists in Microsoft Windows SMB Server that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 41978 and 41983 through 41984. Microsoft Security Bulletin MS17-011: A coding deficiency exists in Microsoft Uniscribe that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41597 through 41598. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41934 through 41935, 41940 through 41941, 41960 through 41961, 41966 through 41967, 41972 through 41975, 41985 through 41986, and 41991 through 41992. Microsoft Security Bulletin MS17-012: A coding deficiency exists in Microsoft Windows that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41563 through 41564 and 41567 through 41572. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41989 through 41990. Microsoft Security Bulletin MS17-013: A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41591 through 41592. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41932 through 41933, 41946 through 41947, 41970 through 41971, and 41993 through 41994. Microsoft Security Bulletin MS17-014: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41565 through 41566, 41577 through 41578, 41581 through 41582, 41597 through 41598, and 41797 through 41798. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41962 through 41965, 41976 through 41977, and 41979 through 41982. Microsoft Security Bulletin MS17-017: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 40394 through 40395 and 41607 through 41610. Microsoft Security Bulletin MS17-018: A coding deficiency exists in Microsoft Windows Kernel-Mode Drivers that may lead to an escalation of privilege. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41579 through 41580. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 41926 through 41931 and 41995 through 41998. Microsoft Security Bulletin MS17-021: A coding deficiency exists in Microsoft DirectShow that may lead to information disclosure. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41633 through 41634. Microsoft Security Bulletin MS17-022: A coding deficiency exists in Microsoft XML Core Services that may lead to information disclosure. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 40364 through 40365. Talos also has added and modified multiple rules in the browser-ie, file-executable, file-flash, file-image, file-office, file-other, file-pdf, os-other, os-windows and server-samba rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAljIT54ACgkQs9U0LCYEKaBRkACgrFxZPaJVCHNaCvIh4MZffGVK 1NQAnicfFpcJWfkDvpZZkMgISpWR/aKK =P2N6 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2017-03-14 Research (Mar 14)