Tuesday, March 10, 2015

Snort Subscriber Rule Set Update for 03/10/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 03/10/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 107 new rules and made modifications to 30 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS15-018:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33287 through 33288, 33707 through
33710, 33718 through 33721, 33726 through 33727, 33730 through 33731, 33736
through 33739, 33741 through 33744, and 33763 through 33764.

Microsoft Security Bulletin MS15-020:
A coding deficiency exists in Microsoft Windows Shell that may lead to remote
code execution.

A previously released rule will detect attacks targeting these vulnerabilities
and has been updated with the appropriate reference information. It is included
in this release and is identified with GID 1, SID 17042.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 33775 through 33776.

Microsoft Security Bulletin MS15-021:
A coding deficiency exists in the Adobe Font Driver that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33711 through 33714, 33722 through
33725, 33728 through 33729, and 33732 through 33733.

Microsoft Security Bulletin MS15-022:
A coding deficiency exists in Microsoft Office that may lead to an escalation
of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33705 through 33706, 33715 through
33716, 33734 through 33735, and 33808 through 33809.

Microsoft Security Bulletin MS15-023:
A coding deficiency exists in a Microsoft Kernel Mode driver that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33765 through 33770.

Microsoft Security Bulletin MS15-024:
A coding deficiency exists in Microsoft PNG image processing that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33760 through 33761.

Microsoft Security Bulletin MS15-025:
A coding deficiency exists in the Microsoft Windows Kernel that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33773 through 33774.

Microsoft Security Bulletin MS15-026:
A coding deficiency exists in Microsoft Exchange Server that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33762, 33807, and 33810 through
33811.

Microsoft Security Bulletin MS15-027:
A coding deficiency exists in Microsoft Netlogon that may allow spoofing
attacks.

A previously released rule will detect attacks targeting this vulnerability and
has been updated with the appropriate reference information. It is included in
this release and is identified with GID 3, SID 15453.

Microsoft Security Bulletin MS15-028:
A coding deficiency exists in the Microsoft Task Scheduler that may allow a
security feature bypass.

A rule to detect attacks targeting this vulnerability is included in this
release and is identified with GID 1, SID 33717.

Microsoft Security Bulletin MS15-029:
A coding deficiency exists in a Microsoft graphics component that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33771 through 33772.

Microsoft Security Bulletin MS15-030:
A coding deficiency exists in Microsoft Remote Desktop Protocol that may lead
to a Denial of Service (DoS).

A previously released rule will detect attacks targeting these vulnerabilities
and has been updated with the appropriate reference information. It is included
in this release and is identified with GID 1, SID 21232.

Microsoft Security Bulletin MS15-031:
A coding deficiency exists in Microsoft Schannel that may allow a security
feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 33777 through 33806.

Talos has added and modified multiple rules in the blacklist, browser-ie,
file-image, file-office, file-other, malware-cnc, malware-other, os-windows,
server-mail and server-webapp rule sets to provide coverage for emerging
threats from these technologies.


To get Talos's newest rule detection functionality, you can subscribe for as low as $29 (US) a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!