Snort mailing list archives
Snort Subscriber Rules Update 2017-04-11
From: Research <research () sourcefire com>
Date: Tue, 11 Apr 2017 23:04:32 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Vulnerability CVE-2017-0106: A coding deficiency exists in Microsoft Outlook that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41962 through 41963. Microsoft Vulnerability CVE-2017-0155: A coding deficiency exists in Microsoft Graphics that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42173 through 42174. Microsoft Vulnerability CVE-2017-0156: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42199 through 42200. Microsoft Vulnerability CVE-2017-0158: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42156 through 42157. Microsoft Vulnerability CVE-2017-0160: A coding deficiency exists in Microsoft .NET that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42185 through 42186. Microsoft Vulnerability CVE-2017-0165: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42187 through 42188. Microsoft Vulnerability CVE-2017-0166: A coding deficiency exists in Microsoft LDAP that may lead to an escalation of privilege. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 42160. Microsoft Vulnerability CVE-2017-0167: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42154 through 42155. Microsoft Vulnerability CVE-2017-0188: A coding deficiency exists in Microsoft Win32k that may lead to information disclosure. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 41997 through 41998. Microsoft Vulnerability CVE-2017-0189: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42158 through 42159. Microsoft Vulnerability CVE-2017-0192: A coding deficiency exists in Microsoft ATMFD.dll that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42148 through 42151. Microsoft Vulnerability CVE-2017-0194: A coding deficiency exists in Microsoft Office that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42161 through 42162. Microsoft Vulnerability CVE-2017-0197: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42163 through 42164. Microsoft Vulnerability CVE-2017-0199: A coding deficiency exists in Microsoft Outlook that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42189 through 42190. Microsoft Vulnerability CVE-2017-0200: Microsoft Edge suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42210 through 42211. Microsoft Vulnerability CVE-2017-0201: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42152 through 42153. Microsoft Vulnerability CVE-2017-0202: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42165 through 42166. Microsoft Vulnerability CVE-2017-0204: A coding deficiency exists in Microsoft Office that may lead to a security feature bypass. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42167 through 42168. Microsoft Vulnerability CVE-2017-0205: Microsoft Edge suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42183 through 42184. Microsoft Vulnerability CVE-2017-0210: Microsoft Internet Explorer suffers from programming errors that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42204 through 42205. Microsoft Vulnerability CVE-2017-0211: A coding deficiency exists in Microsoft Windows OLE that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42208 through 42209. Talos has also added and modified multiple rules in the browser-ie, deleted, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAljtYP8ACgkQs9U0LCYEKaDsgACfcjiRwCRQKpc9OLnYBWk8I6Us qOgAn3ng564E1Sa1sgkD7NJehchWOQq8 =GKvj -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2017-04-11 Research (Apr 11)