Tuesday, May 12, 2015

Snort Subscriber Rule Set Update for 05/12/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 05/12/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 97 new rules and made modifications to 31 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

James Lay
34365

Yaser Mansour
34366
34370

Avery Tarasov
34367
34368

Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS15-043:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34379 through 34384, 34391 through
34392, 34405 through 34412, 34415, 34417 through 34425, 34430 through 34433,
34436 through 34437, and 34444 through 34445.

Microsoft Security Bulletin MS15-044:
A coding deficiency exists in Microsoft GDI+ that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34440 through 34441.

Microsoft Security Bulletin MS15-045:
A coding deficiency exists in Microsoft Windows Journal that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34371 through 34372, 34385 through
34390, 34399 through 34400, and 34403 through 34404.

Microsoft Security Bulletin MS15-046:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34428 through 34429.

Microsoft Security Bulletin MS15-048:
A coding deficiency exists in the Microsoft .NET Framework that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34401 through 34402 and 34434
through 34435.

Microsoft Security Bulletin MS15-051:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34377 through 34378, 34413 through
34414, and 34442 through 34443.

Microsoft Security Bulletin MS15-052:
A coding deficiency exists in the Microsoft Kernel that may lead to a security
feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34426 through 34427.

Microsoft Security Bulletin MS15-053:
A coding deficiency exists in the Microsoft JScript and VBScript scripting
engines that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34393 through 34394.

Microsoft Security Bulletin MS15-054:
A coding deficiency exists in Microsoft Management Console that may lead to a
Denial of Service (DoS).

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 34438 through 34439.


Talos has also added and modified multiple rules in the blacklist, browser-ie,
file-flash, file-identify, file-office, file-other, malware-cnc, malware-other,
malware-tools, os-windows and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!