Tuesday, September 8, 2015

Snort Subscriber Rule Set Update for 09/08/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 09/08/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 80 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS15-094:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35955 through 35960, 35963 through
35972, 35975 through 35976, 35990 through 35993, 35998 through 35999, 36004
through 36009, and 36018 through 36021.

Microsoft Security Bulletin MS15-095:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35963 through 35966.

Microsoft Security Bulletin MS15-097:
A coding deficiency exists in a Microsoft Graphics Component that may lead to
remote code execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 33765 through 33766 and
35719 through 35720.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 35973 through 35974, 35984
through 35989, 35994 through 35995, and 36016 through 36017.

Microsoft Security Bulletin MS15-098:
A coding deficiency exists in Microsoft Windows Journal that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35961 through 35962.

Microsoft Security Bulletin MS15-099:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35996 through 35997 and 36000
through 36003.

Microsoft Security Bulletin MS15-100:
A coding deficiency exists in Microsoft Windows Media Center that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35982 through 35983.

Microsoft Security Bulletin MS15-101:
A coding deficiency exists in the Microsoft .NET Framework that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36014 through 36015.

Microsoft Security Bulletin MS15-102:
A coding deficiency exists in Microsoft Task Management that may lead to
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 35977 through 35978 and 36010
through 36013.

Talos has also added and modified multiple rules in the app-detect, browser-ie,
file-executable, file-flash, file-identify, file-office, file-other,
malware-other and server-mail rule sets to provide coverage for emerging
threats from these technologies.


You can subscribe to Talos's newest rule detection functionality for as low as $29 US a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the newest emerging threats!