Snort Subscriber Rule Set Update for 11/10/2015
We welcome the introduction of the newest rule release from Talos. In this release we introduced 113 new rules and made modifications to 16 additional rules.
There were no changes made to the
snort.conf in this release.
Talos's rule release:
Microsoft Security Bulletin MS15-112:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.
Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 35199 through 35200, 35956,
and 35958.
New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36671 through 36696, 36699
through 36702, 36738 through 36739, 36742 through 36743, 36746 through 36747,
36753 through 36754, and 36759 through 36760.
Microsoft Security Bulletin MS15-114:
A coding deficiency exists in Microsoft Windows Journal that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36697 through 36698.
Microsoft Security Bulletin MS15-115:
A coding deficiency exists in Microsoft Windows that may lead to remote code
execution.
Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36703 through 36704, 36709 through
36710, 36718 through 36719, 36722 through 36723, 36736 through 36737, 36749
through 36750, and 36761 through 36762.
Microsoft Security Bulletin MS15-116:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.
Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36707 through 36708, 36714 through
36717, 36720 through 36721, 36740 through 36741, and 36751 through 36752.
Microsoft Security Bulletin MS15-117:
A coding deficiency exists in Microsoft Windows NDIS that may lead to an
escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36744 through 36745.
Microsoft Security Bulletin MS15-118:
A coding deficiency exists in the Microsoft .NET Framework that may lead to an
escalation of privilege.
A previously released rule will detect attacks targeting these vulnerabilities
and has been updated with the appropriate reference information. It is included
in this release and is identified with GID 1, SID 20258.
New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36712 through 36713.
Microsoft Security Bulletin MS15-119:
A coding deficiency exists in Microsoft Winsock that may lead to an escalation
of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36705 through 36706.
Microsoft Security Bulletin MS15-123:
A coding deficiency exists in Skype for Business and Microsoft Lync that may
lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36733 through 36735.
Talos has added and modified multiple rules in the blacklist, browser-ie,
browser-plugins, file-flash, file-identify, file-office, file-other,
indicator-compromise, malware-cnc, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!