Tuesday, December 8, 2015

Snort Subscriber Rule Set Update for 12/08/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 12/08/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 100 new rules and made modifications to 9 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Security Bulletin MS15-124:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36917 through 36923, 36926
through 36929, 36934 through 36951, 36954 through 36957, 36962 through 36963,
36968 through 36969, 36978 through 36983, 36986 through 36988, 36991 through
36992, 37003 through 37004, and 37009 through 37010.

Microsoft Security Bulletin MS15-125:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36917, 36932 through 36933,
36942 through 36943, 36950 through 36951, and 36984 through 36985.

Microsoft Security Bulletin MS15-126:
A coding deficiency exists in Microsoft JScript and VBScript that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36922 through 36923.

Microsoft Security Bulletin MS15-128:
A coding deficiency exists in Microsoft Graphics Component that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36964 through 36967.

Microsoft Security Bulletin MS15-129:
A coding deficiency exists in Microsoft Silverlight that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36997 through 36998.

Microsoft Security Bulletin MS15-130:
A coding deficiency exists in Microsoft Uniscribe that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36952 through 36953.

Microsoft Security Bulletin MS15-131:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36924 through 36925, 36958 through
36961, 36974 through 36975, and 37011 through 37013.

Microsoft Security Bulletin MS15-132:
A coding deficiency exists in Microsoft Windows that may lead to an escalation
of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36930 through 36931, 36993 through
36996, and 36999 through 37002.

Microsoft Security Bulletin MS15-134:
A coding deficiency exists in Microsoft Media Center that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36972 through 36973.

Microsoft Security Bulletin MS15-135:
A coding deficiency exists in a Microsoft Kernel mode driver that may lead to
an escalation of privilege.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 35149 through 35150.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36970 through 36971, 36976
through 36977, and 36989 through 36990.

Talos has added and modified multiple rules in the browser-ie, browser-plugins,
deleted, file-office, file-other, malware-cnc and policy-other rule sets to
provide coverage for emerging threats from these technologies.


To get Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!