Tuesday, July 14, 2015

Snort Subscriber Rule Set Update for 07/14/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 07/14/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 109 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS15-058:
Microsoft SQL Server suffers from programming errors that may lead to remote
code execution.

A rule to detect attacks targeting this vulnerability is included in this
release and is identified with GID 1, SID 35198.

Microsoft Security Bulletin MS15-065:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35116 through 35117, 35119 through
35128, 35133 through 35134, 35139 through 35140, 35145 through 35146, 35152
through 35159, 35164 through 35165, 35170 through 35173, 35178 through 35185,
35192 through 35197, 35199 through 35200, and 35203 through 35214.

Microsoft Security Bulletin MS15-067:
A coding deficiency exists in Microsoft RDP that may lead to remote code
execution.

A rule to detect attacks targeting this vulnerability is included in this
release and is identified with GID 1, SID 35151.

Microsoft Security Bulletin MS15-069:
Microsoft Windows suffers from programming errors that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35166 through 35169 and 35215
through 35216.

Microsoft Security Bulletin MS15-070:
Coding deficiencies exist in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35129 through 35130, 35137 through
35138, 35141 through 35144, 35176 through 35177, 35190 through 35191, and 35201
through 35202.

Microsoft Security Bulletin MS15-072:
A coding deficiency exists in Microsoft Graphics Components that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35160 through 35163.

Microsoft Security Bulletin MS15-073:
Coding deficiencies exist in Microsoft Kernel-Mode drivers that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35131 through 35132, 35135 through
35136, and 35149 through 35150.

Microsoft Security Bulletin MS15-075:
A coding deficiency exists in Microsoft OLE that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35186 through 35189.

Microsoft Security Bulletin MS15-076:
A coding deficiency exists in Microsoft Remote Procedure Call that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35174 through 35175.

Talos has also added and modified multiple rules in the browser-ie,
browser-webkit, file-flash, file-office, os-windows, policy-other and
server-other rule sets to provide coverage for emerging threats from these
technologies.

To get Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the latest emerging threats!