Thursday, March 22, 2012

VRT Rule Release for 03/22/2012, MS12-020

Join us as we welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 9 new rules and made modifications to 218 additional rules.

There were no changes made to the snort.conf in this release.

 In VRT's rule release:
Synopsis:This release adds and modifies rules in several categories. 
Details:Microsoft Security Advisory MS12-020:Microsoft Windows Remote Desktop suffers from programming errors thatmay allow a remote attacker to execute code on a vulnerable system.A rule identified with GID 3, SID 21619 has been added in this releasein order to improve detection of attacks and to improve performance. 
This rule replaces the rules identified with GID 1, SIDs 21571, 21572and 21592. These rules have been deleted in this release. 
Additionally, the Sourcefire VRT has added and modified multiple rulesin the backdoor, chat, dns, dos, exploit, file-identify, imap, misc,netbios, policy, pop3, scada, shellcode, smtp, specific-threats, sql,web-activex, web-client and web-php rule sets to provide coverage foremerging threats from these technologies.
In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at Make sure and stay up to date to catch the most emerging threats!