Tuesday, October 13, 2015

Snort Subscriber Rule Set Update for 10/13/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 10/13/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 60 new rules and made modifications to 13 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS15-106:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities
and have been updated with the appropriate reference information. They are
included in this release and are identified with GID 1, SIDs 34393 through
34394.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36407 through 36414, 36417
through 36422, 36431 through 36432, 36437 through 36444, 36447 through 36448,
36450 through 36451, and 36458 through 36459.

Microsoft Security Bulletin MS15-107:
A coding deficiency exists in Microsoft Edge that may lead to information
disclosure.

A rule to detect attacks targeting this vulnerability is included in this
release and is identified with GID 1, SID 36452.

Microsoft Security Bulletin MS15-108:
A coding deficiency exists in Microsoft JScript and VBScript that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36419 through 36422.

Microsoft Security Bulletin MS15-109:
A coding deficiency exists in Microsoft Windows Shell that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36401 through 36402 and 36423
through 36424.

Microsoft Security Bulletin MS15-110:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36425 through 36430.

Microsoft Security Bulletin MS15-111:
A coding deficiency exists in the Microsoft Windows Kernel that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36403 through 36406, 36415 through
36416, and 36445 through 36446.

Talos has also added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-flash, file-multimedia, file-office, file-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!