Tuesday, April 8, 2014

Sourcefire VRT Certified Snort Rules Update for 04/08/2014, MsTuesday, OpenSSL TLS Heartbeat

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/08/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 37 new rules and made modifications to 296 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
30481
30482
30483
30484

In VRT's rule release:
OpenSSL TLS heartbeat read overrun CVE-2014-0160:
A programming error in the OpenSSL heartbeat extension exists that may
lead to information disclosure.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 30510 through 30517.

Microsoft Security Bulletin MS14-018:
Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 30497 through 30502,
and 30508 through 30509.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 24974 through 24975.

The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-firefox, browser-ie, exploit-kit, file-office and
server-other rule sets to provide coverage for emerging threats from
these technologies.
In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!