Wednesday, April 13, 2016

Snort Subscriber Rule Set Update for 04/12/2016, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 04/12/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 51 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Rmkml
38457


Talos's rule release:
Microsoft Security Bulletin MS16-037:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38465 through 38470, 38491 through
38492, and 38503 through 38508.

Microsoft Security Bulletin MS16-038:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38473 through 38474, 38479 through
38480, and 38483 through 38486.

Microsoft Security Bulletin MS16-039:
A coding deficiency exists in Microsoft Graphics Component that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38459 through 38460, 38487 through
38488, and 38493 through 38494.

Microsoft Security Bulletin MS16-040:
A coding deficiency exists in Microsoft XML Core Service that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38463 through 38464.

Microsoft Security Bulletin MS16-041:
A coding deficiency exists in the Microsoft .NET Framework that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38469 through 38470.

Microsoft Security Bulletin MS16-042:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36751 through 36752, 38471 through
38472, 38481 through 38482, and 38495 through 38496.

Microsoft Security Bulletin MS16-044:
A coding deficiency exists in Microsoft Windows OLE that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38489 through 38490.

Microsoft Security Bulletin MS16-046:
A coding deficiency exists in Microsoft Secondary Logon that may lead to an
escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in this
release and is identified with GID 1, SID 38458.

Microsoft Security Bulletin MS16-047:
A coding deficiency exists in Microsoft SAM and LSAD Remote Protocols that may
lead to a downgrade attack.

A rule to detect attacks targeting this vulnerability is included in this
release and is identified with GID 1, SID 38462.

Microsoft Security Bulletin MS16-048:
A coding deficiency exists in Microsoft CSRSS that may lead to a security
feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38475 through 38476.

Talos has added and modified multiple rules in the browser-ie, browser-plugins,
exploit-kit, file-office, file-other and os-windows rule sets to provide
coverage for emerging threats from these technologies.


To get Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the latest emerging threats!