Tuesday, January 12, 2016

Snort Subscriber Rule Set Update for 01/12/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 01/12/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 36 new rules and made modifications to 13 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS16-001:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 33287 through 33288, and
33897 through 33898.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 37283 through 37284.

Microsoft Security Bulletin MS16-002:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37279 through 37280.

Microsoft Security Bulletin MS16-004:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37259 through 37260, 37273 through
37274, and 37281 through 37282.

Microsoft Security Bulletin MS16-005:
A coding deficiency exists in Microsoft kernel-mode drivers that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37265 through 37266.

Microsoft Security Bulletin MS16-006:
A coding deficiency exists in Microsoft Silverlight that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37267 through 37268.

Microsoft Security Bulletin MS16-007:
A coding deficiency exists in Microsoft Windows that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37257 through 37258, 37261 through
37264, and 37275 through 37278.

Microsoft Security Bulletin MS16-008:
A coding deficiency exists in the Microsoft kernel that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37269 through 37272.

Talos has added and modified multiple rules in the browser-ie, browser-plugins,
file-office, file-other, malware-cnc and server-other rule sets to provide
coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!