Tuesday, March 8, 2016

Snort Subscriber Rule Set Update for 03/08/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 03/08/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 69 new rules and made modifications to 8 additional rules.

There were no changes made to the snort.conf in this release.

See below for the details of the release:



Talos's rule release:
Microsoft Security Bulletin MS16-023:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38065 through 38070, 38081 through
38082, 38085 through 38086, 38088 through 38091, 38094 through 38099, 38108
through 38109, 38112 through 38113, 38117 through 38118, and 38122 through
38123.

Microsoft Security Bulletin MS16-024:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 37279 through 37280.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 38106 through 38107.

Microsoft Security Bulletin MS16-026:
A coding deficiency exists in Microsoft Graphic Fonts that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38063 through 38064.

Microsoft Security Bulletin MS16-027:
A coding deficiency exists in Microsoft Windows Media Player that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38079 through 38080 and 38124
through 38125.

Microsoft Security Bulletin MS16-028:
A coding deficiency exists in Microsoft Windows PDF Library that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38073 through 38078.

Microsoft Security Bulletin MS16-029:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38100 through 38101 and 38126
through 38129.

Microsoft Security Bulletin MS16-030:
A coding deficiency exists in Microsoft Windows OLE that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38110 through 38111.

Microsoft Security Bulletin MS16-031:
A coding deficiency exists in Microsoft Windows that may lead to an escalation
of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38092 through 38093.

Microsoft Security Bulletin MS16-032:
A coding deficiency exists in Microsoft Secondary Logon that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38114 through 38115.

Microsoft Security Bulletin MS16-034:
A coding deficiency exists in Microsoft Kernel Mode Drivers that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38061 through 38062, 38071 through
38072, 38083 through 38084, and 38119 through 38120.

Talos also has added and modified multiple rules in the browser-ie,
exploit-kit, file-multimedia, file-office, file-other, indicator-obfuscation,
malware-cnc and server-webapp rule sets to provide coverage for emerging
threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!