Tuesday, August 18, 2015

Snort Subscriber Rule Set Update for 08/18/2015, 2.9.7.2 EOL

Just released:
Snort Subscriber Rule Set Update for 08/18/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 55 new rules and made modifications to 17 additional rules.

Talos's rule release:
Microsoft Internet Explorer Vulnerability CVE-2015-2502: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. 
Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 35536 through 35537. 
Talos has added and modified multiple rules in the blacklist, browser-plugins, file-flash, file-multimedia, file-pdf, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!

3 comments:

  1. Joel,

    It looks like SIDs 35536 and 35537 are GID 3 (SO rules) and not GID 1 as you mention in the blog:

    3:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arbitrary code execution attempt (browser-ie.rules)

    ReplyDelete
    Replies
    1. In the most recent update it is a GID 1. Rev:2.

      Delete
  2. Joel,

    I checked the subscription rule sets (2962,2973,2975) from 18-08-2015 (confirmed I have the latest with the md5 sums posted on the subscription page) and all have these SIDs in so_rules: "sid:35537; gid:3; rev:1".

    ReplyDelete