Sourcefire VRT Certified Snort Rules Update for 10/09/2012
We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 12 new rules and made modifications to 16 additional rules.
The following changes were made to the snort.conf:
portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9080,9090,9091,9443,9999,11371,55555]
now reads:
portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1741,1830,2301,2381,2809,3128,3702,4343,4848,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,55555]
(Addition of 9060)
The port was also added to stream5 and http_inspect's configuration lines.
I have updated the example snort.conf's, they can be found here: https://www.snort.org/configurations
In VRT's rule release:
Synopsis: The Sourcefire VRT is aware of multiple vulnerabilities affecting products from Microsoft Corporation.
Details: Microsoft Security Bulletin MS12-064: Microsoft Word contains programming errors that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 24353, 24354, 24357 and 24358.
Microsoft Security Bulletin MS12-065: Microsoft Works contains programming errors that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 24351 and 24352.
Microsoft Security Bulletin MS12-066: A vulnerability in the Microsoft HTML sanitization component may allow an attacker to elevate privileges. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 23136 and 23137.
Microsoft Security Bulletin MS12-069: The Microsoft implementation of Kerberos may allow a remote attacker to cause a Denial of Service (DoS) against an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 24360.
Microsoft Security Bulletin MS12-070: A vulnerability in Microsoft SQL Server may allow a remote attacker to elevate privileges. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 24355 and 24356.
In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!