Wednesday, February 10, 2016

Snort Subscriber Rule Set Update for 02/09/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 02/09/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 73 new rules and made modifications to 7 additional rules.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: SIDs 37620, 37621, 37552

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS16-009:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37553 through 37554, 37571 through
37574, 37581 through 37582, 37596 through 37597, 37602 through 37605, and 37616
through 37617.

Microsoft Security Bulletin MS16-011:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 36986 through 36987.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 37575 through 37576, and
37608 through 37615.

Microsoft Security Bulletin MS16-012:
A coding deficiency exists in the Microsoft Windows PDF library that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37565 through 37566 and 37594
through 37595.

Microsoft Security Bulletin MS16-013:
A coding deficiency exists in Microsoft Windows Journal that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37577 through 37578.

Microsoft Security Bulletin MS16-014:
A coding deficiency exists in Microsoft Windows that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37555 through 37558, 37567 through
37570, and 37588 through 37591.

Microsoft Security Bulletin MS16-015:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37559 through 37564, 37579 through
37580, 37592 through 37593, 37598 through 37601, and 37606 through 37607.

Microsoft Security Bulletin MS16-016:
A coding deficiency exists in Microsoft WebDAV that may lead to an escalation
of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37586 through 37587.

Microsoft Security Bulletin MS16-018:
A coding deficiency exists in a Microsoft Windows kernel-mode driver that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 37584 through 37585.

Talos has added and modified multiple rules in the browser-ie, file-identify,
file-image, file-office, file-other, file-pdf, indicator-shellcode,
malware-cnc, os-windows, pua-adware and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
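A defender deploying this release will usually want to confirm that every SID the announcement lists actually landed, enabled, in the local ruleset. The script below is an added example, not Talos's or Snort's code: it expands the "GID n, SIDs a through b, ..." clauses from the MS16-011 paragraphs above into a set of (gid, sid) pairs and audits them against a constructed sample rules file, reporting each SID as enabled, disabled (commented out) or missing. The rule text in `SAMPLE_RULES` is a constructed placeholder, not the real rule content.

```python
import re
from typing import Dict, Set, Tuple

# Sentences copied from the MS16-011 paragraphs of the announcement above.
ANNOUNCEMENT = """
Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 36986 through 36987.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 37575 through 37576, and
37608 through 37615.
"""

# Constructed sample rules file: message text and options are placeholders,
# not the actual Talos rules for these SIDs. Rule C is commented out (disabled).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"CONSTRUCTED sample rule A"; flow:to_client,established; sid:36986; gid:1; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"CONSTRUCTED sample rule B"; flow:to_client,established; sid:36987; rev:2;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"CONSTRUCTED sample rule C"; sid:37575; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"CONSTRUCTED sample rule D"; sid:37608; rev:1;)
"""

# "GID 1, SIDs ... ." clause: everything up to the sentence's closing period.
GID_CLAUSE_RE = re.compile(r"GID\s+(\d+),\s*SIDs?\s*(.*?)\.", re.S)
# "a through b" ranges; \s+ also spans the line wrap in the announcement.
RANGE_RE = re.compile(r"(\d{4,6})\s+through\s+(\d{4,6})", re.S)
BARE_SID_RE = re.compile(r"\b\d{4,6}\b")


def expand_sid_ranges(text: str) -> Dict[int, Set[int]]:
    """Return {gid: {sid, ...}} for every 'GID n, SIDs ...' clause in the text."""
    result: Dict[int, Set[int]] = {}
    for clause_match in GID_CLAUSE_RE.finditer(text):
        gid = int(clause_match.group(1))
        clause = clause_match.group(2)
        sids = result.setdefault(gid, set())
        for lo, hi in RANGE_RE.findall(clause):
            lo_i, hi_i = int(lo), int(hi)
            if hi_i < lo_i:
                raise ValueError(f"inverted SID range {lo_i} through {hi_i}")
            sids.update(range(lo_i, hi_i + 1))
        # Any SID listed on its own (not part of a range) is also included.
        leftover = RANGE_RE.sub("", clause)
        sids.update(int(s) for s in BARE_SID_RE.findall(leftover))
    return result


def audit_ruleset(rules_text: str, expected: Dict[int, Set[int]]) -> Dict[Tuple[int, int], str]:
    """Classify each expected (gid, sid) as 'enabled', 'disabled' or 'missing'.

    A rule line counts as disabled when it is commented out with '#'. A rule
    with no explicit gid option is treated as GID 1, Snort's default.
    """
    seen: Dict[Tuple[int, int], bool] = {}
    for line in rules_text.splitlines():
        stripped = line.strip()
        sid_match = re.search(r"\bsid:\s*(\d+)\s*;", stripped)
        if not sid_match:
            continue  # blank line, comment without a rule, or non-rule text
        gid_match = re.search(r"\bgid:\s*(\d+)\s*;", stripped)
        gid = int(gid_match.group(1)) if gid_match else 1
        key = (gid, int(sid_match.group(1)))
        enabled = not stripped.startswith("#")
        # If the same SID appears twice, an enabled copy wins.
        seen[key] = seen.get(key, False) or enabled

    report: Dict[Tuple[int, int], str] = {}
    for gid, sids in expected.items():
        for sid in sorted(sids):
            key = (gid, sid)
            if key not in seen:
                report[key] = "missing"
            elif seen[key]:
                report[key] = "enabled"
            else:
                report[key] = "disabled"
    return report


def summarize(report: Dict[Tuple[int, int], str]) -> Dict[str, int]:
    """Count how many expected SIDs fall into each status."""
    counts = {"enabled": 0, "disabled": 0, "missing": 0}
    for status in report.values():
        counts[status] += 1
    return counts


if __name__ == "__main__":
    expected = expand_sid_ranges(ANNOUNCEMENT)
    report = audit_ruleset(SAMPLE_RULES, expected)
    for (gid, sid), status in sorted(report.items()):
        print(f"{gid}:{sid}\t{status}")
    print(summarize(report))
```

In practice you would read `ANNOUNCEMENT` from the release notes and `SAMPLE_RULES` from the installed `.rules` files; anything reported as missing or disabled is a gap between what the release claims to cover and what the sensor will actually alert on.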


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!