Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort Subscriber Rules Update 2018-08-14

From: Research <research () sourcefire com>
Date: Tue, 14 Aug 2018 18:04:04 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47490 through 47491.

Microsoft Vulnerability CVE-2018-8344:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47519 through 47520.

Microsoft Vulnerability CVE-2018-8345:
A coding deficiency exists in Microsoft LNK that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47476 through 47477.

Microsoft Vulnerability CVE-2018-8353:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45877 through 45878.

Microsoft Vulnerability CVE-2018-8355:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47492 through 47493.

Microsoft Vulnerability CVE-2018-8371:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8372:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47478 through 47479.

Microsoft Vulnerability CVE-2018-8376:
A coding deficiency exists in Microsoft PowerPoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47482 through 47483.

Microsoft Vulnerability CVE-2018-8379:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47495 through 47496.

Microsoft Vulnerability CVE-2018-8383:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47474 through 47475.

Microsoft Vulnerability CVE-2018-8384:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47480 through 47481.

Microsoft Vulnerability CVE-2018-8387:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47486 through 47487.

Microsoft Vulnerability CVE-2018-8389:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47484 through 47485.

Microsoft Vulnerability CVE-2018-8401:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47517 through 47518.

Microsoft Vulnerability CVE-2018-8403:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47488 through 47489.

Microsoft Vulnerability CVE-2018-8404:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47503 through 47504.

Microsoft Vulnerability CVE-2018-8405:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47515 through 47516.

Microsoft Vulnerability CVE-2018-8406:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47512 through 47513.

Microsoft Vulnerability CVE-2018-8414:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46999 through 47002.

Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-office, file-other, indicator-compromise,
malware-cnc, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJbcxmTAAoJEPE/nha8pb+tRqQP/jbNOMMe5VwWLH2H1bh9D5Lm
QgZOSuEK/mCYok86KCJEih3iLowzSmp9YL09Cg96W5YhUM9boueMc/9PB1ph/KD2
jS4IJPwIWUo13wxC1NonqEBTbsoiLon54kL4LsQKAaLh0jkwSAPn/a5/DWqjoPzt
pQpXTnkHV8QrvrScC63k/Ft5OGFR9EmZbbhwq/Jg61PemwSJFUIHXYyl1vC9MD3u
8rxRYACETOK3TrgL9ZN7cG5uHzB5OTwY+fC3uOv6RK9pXhD6795Du6vA8l83Blw/
PfLf1n4REUSoNyJWxXGtLnXPtF+8uRj+Vg+h9txI1+f7jercgwYIvpCPvl/yZa4B
KBnfj9g6dY4opte95QM7BxOMLJlWFqM44yo3oa4zX0AKkU4wkZtSqvIdv/OYSdqE
Ck7KbEBAJsh6ZdjiT1/nMB1SOrI4lH1sSRTPjUU01ns1PEwuKSA8neLMEH7MRlR2
P46oki0oyhMialRrySwrXbjs5kgRrQPb62WJstDc+rrVtGKER14f4k4sDDVdznDt
X86DjWI/txRShhS+jt1OteufImyyK8ZHg/zUjKRWolV9E6XHr9Ihf+yQpkk8gGLc
SLl/CSYR11nOD7K0VvQwjC3nT0lP8/bn7D7W49oRyiWBDOB2McMqPXbnHGicaK6t
ExSDqavRmm/fRSHRcPlN
=4pAA
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: