Snort mailing list archives
Snort Subscriber Rules Update 2018-05-08
From: Research <research () sourcefire com>
Date: Tue, 8 May 2018 18:36:45 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Vulnerability CVE-2018-0946: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46544 through 46545. Microsoft Vulnerability CVE-2018-0951: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629. Microsoft Vulnerability CVE-2018-0953: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629. Microsoft Vulnerability CVE-2018-0954: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629. Microsoft Vulnerability CVE-2018-0955: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46554 through 46555. Microsoft Vulnerability CVE-2018-8120: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46546 through 46547. Microsoft Vulnerability CVE-2018-8122: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46594 through 46595. Microsoft Vulnerability CVE-2018-8123: A coding deficiency exists in Microsoft Edge that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45121 through 45122. Microsoft Vulnerability CVE-2018-8124: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46538 through 46539. Microsoft Vulnerability CVE-2018-8133: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629. Microsoft Vulnerability CVE-2018-8137: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46606 through 46607. Microsoft Vulnerability CVE-2018-8147: A coding deficiency exists in Microsoft Excel that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46552 through 46553. Microsoft Vulnerability CVE-2018-8148: A coding deficiency exists in Microsoft Excel that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46556 through 46557. Microsoft Vulnerability CVE-2018-8157: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46558 through 46559. Microsoft Vulnerability CVE-2018-8158: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46560 through 46561. Microsoft Vulnerability CVE-2018-8161: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46601 through 46602. Microsoft Vulnerability CVE-2018-8162: A coding deficiency exists in Microsoft Excel that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 38785 through 38786. Microsoft Vulnerability CVE-2018-8164: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46562 through 46563. Microsoft Vulnerability CVE-2018-8165: A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46596 through 46597. Microsoft Vulnerability CVE-2018-8166: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46564 through 46565. Microsoft Vulnerability CVE-2018-8167: A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46603 through 46604. Microsoft Vulnerability CVE-2018-8174: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46548 through 46549. Talos also has added and modified multiple rules in the browser-ie, file-flash, file-office, file-other, file-pdf, malware-cnc, os-windows, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJa8e47AAoJEPE/nha8pb+tAFkP/jCkVMDnVShcAdk/DfqwQze3 +73XGI4yEn1pMLBloiKFPbgFDYOck5CWSpRDWbzBCaQJS85NPHzhM8xySfdmKSgu O0hnVqoKFUKOykeYUdTEdLvjEYxcZJ0pYLHi+xQVn6MDee55s9kaxwInW362tVL0 o/F7tFtv3CRKlKhvHRQxA7slgey0mvwA8g0G+Wn7MjcwkUySUHbFiOb/tXGXQ4ey ylzf/p0Wmnh/oiqWN7QPr+bc6et3qlPa8/fMSLFIQylhIFh/47c0+AeWqAJcYB0A b4F3VG7X4xuNBW1NNwxKKZ+q37LqjGt/eLYeYegrZSkWD6Sxuj/IM286Mh+SYGKu WppL6TlsmmuNjTOA8t65Gc8S3xvuOdPF14EtTVDLOSJizpy7galobg0wFFL/At7M mc2b1Dc/GXLH+PIBkQBZO8X7rG/g2L/ePJzK2O22qp/DQGU+Vzfk3+ci0k8imqnq EG13UIXbHiTuuIm5BJBepRNT95hT9nJ/Uq7fbRdXBI0lsHVHqywvJsSGdDjO8f68 ovmNA30x2aDOHBTNNRd1qwIgipLXc+tUUGRiniwVqJsI6fI2VfPb+Sp/4TTB6wIq A4wmzb7SR9KAcECsSvjumyOMfvKUk0F9ReRBqz8SVg7YweeVCHi6JKBjcVYqXooU Aybz46S5B173C9BYQS0t =Hno1 -----END PGP SIGNATURE----- _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2018-05-08 Research (May 08)