Sourcefire VRT Certified Snort Rules Update for 01/14/2014
We welcome the introduction of the newest rule release from the VRT. In this release we introduced 46 new rules and made modifications to 37 additional rules.
There were no changes made to the
snort.confin this release.
The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:
In VRT's rule release:
Microsoft Security Bulletin MS14-002:In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!
A programming error in the Microsoft Windows Kernel-Mode NDProxy Driver
could lead to an escalation of privilege.
Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, 28867 through 28872.
The Sourcefire VRT has also added and modified multiple rules in the app-detect, blacklist, exploit-kit, file-office, file-pdf, malware-cnc, os-windows, protocol-dns, protocol-imap, protocol-scada, pua-p2p and web-client rule sets to provide coverage for emerging threats from these technologies.