Snort Subscriber Rules Update 2020-10-13

[Research <research () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2020-16896:
A coding deficiency exists in Remote Desktop Protocol (RDP) that may
lead to information disclosure.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 55994.

Microsoft Vulnerability CVE-2020-16898:
A coding deficiency exists in Microsoft Windows TCP/IP that may lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 55984.

Microsoft Vulnerability CVE-2020-16899:
A coding deficiency exists in Microsoft Windows TCP/IP that may lead to
denial of service.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 55993.

Microsoft Vulnerability CVE-2020-16907:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 55942 through 55943.

Microsoft Vulnerability CVE-2020-16913:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 55989 through 55990.

Microsoft Vulnerability CVE-2020-16915:
A coding deficiency exists in Microsoft Media Foundation that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 55979 through 55980.

Microsoft Vulnerability CVE-2020-16922:
A coding deficiency exists in Microsoft Windows that may lead to
spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 55982 through 55983.


Talos also has added and modified multiple rules in the
file-multimedia, file-other, malware-cnc, malware-other, os-windows,
protocol-icmp and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJfhfXzAAoJEPE/nha8pb+tLjQQAK8ehteywLl4HFbKUH5tqaAu
wusbnhqJKfGxX0ui+dlnlW1P5BtEQe/SfTn0iDAecpPwMe+fmck3rxdEXZrjvwme
CitMwDK1ZFVjGcATZsg7MklFIjmB1PYkoRLZpaC1phG5eNGen/NvY/BQc3xcMDgK
cA5HQAyf0Yu6GkahWNFk78SpytZXXVc3J+3DjkyYJS0umb8rnn6VCE0r48IzSIZx
dZVF1bPaBg3O+t7Hz2B9Vf/VjuahX88gkSkmI0cJMnQYLZr6O4vWrowGk/x9qgEb
poGsOoTmHsRxcNNWEtGD/jWKsUwo0BRJHKuPc4lvhS6CDbkw+VFFcdL2dEsVEZBh
gmM1ikvgV99g/KYIKb7Qui1swLL0Y7MPAbR5QtFgStGcV2EVnKDDKpxeC49PpF74
lfuqw5+l5bLwjctnEvMH+aIb28bO8gg4fybD9zHStWS91NhuDbkrrJ5nGKMswZah
ED55zr29FAnoLmpD3iMkHb0OakAX0hjG/1ku0co/XYar9bgYaYpcl4m3v2CWlbwH
FoyoTRKJlci3OiXdmUhG+WGDb3KTREmtAdfvmhHHj8Y9TXk//uBKypINgEHnEPgo
UkGDvGjetVZ/XCmMA2WsR3fO4aHmTq3F1L0B6cb6iyVmAwUotYeFlrkzvNre3XkG
+ctAHliXfnIQUfyo98FP
=kAsd
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!