Sourcefire VRT Certified Snort Rules Update for 05/14/2013
We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 25 new rules and made modifications to 24 additional rules.
Port 8500 was added to the snort.conf for http_inspect, stream5, and HTTP_PORTS. The Example VRT snort.conf's have been updated: https://www.snort.org/configurations
The VRT would like to thank the following contributors for their addition(s):
Nathan Fowler
26618
In VRT's rule release:
Microsoft Security Advisory MS13-037:
Internet Explorer suffers from programming errors that may lead to
information disclosure or remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 26624, 26625, 26629
through 26631, 26633 through 26638, 26641, and 26642.
Microsoft Security Advisory MS13-038:
Internet Explorer suffers from a programming error that may lead to
remote code execution.
Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, 26569, 26570, 26571, and 26572.
Microsoft Security Advisory MS13-039:
A programming error exists in the Windows 2012 Server HTTP subsystem
that may allow a remote attacker to cause a permanent Denial of Service
(DoS) against an affected system.
A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 26632.
Microsoft Security Advisory MS13-040:
The .NET Framework suffers from a programming error that may allow an
attacker to bypass XML authentication.
Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 26639 and 26640
Microsoft Security Advisory MS13-044:
Microsoft Visio suffers from a programming error that may expose
affected systems to information disclosure.
Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 26626 through 26628.
Microsoft Security Advisory MS13-045:
Microsoft Windows Live Essentials contains programming errors that may
expose affected systems to information disclosure.
Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 26622 and 26623
Additionally, the Sourcefire VRT has added and modified multiple rules
in the browser-ie, browser-other, browser-plugins, exploit-kit,
file-office, file-other, indicator-obfuscation, malware-cnc,
policy-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!