Tuesday, June 14, 2016

Snort Subscriber Rule Set Update for 06/14/2016, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 06/14/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 79 new rules and made modifications to 18 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Security Bulletin MS16-063:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.

A previously released rule will detect attacks targeting these
vulnerabilities and has been updated with the appropriate reference
information. It is included in this release and is identified with GID
1, SID 20258.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 20258,
39207 through 39208, 39227, 39230 through 39231, 39234 through 39235,
and 39242 through 39259.

Microsoft Security Bulletin MS16-068:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39199 through 39200,
39205 through 39206, 39219 through 39220, 39228 through 39229, 39232
through 39233, and 39238 through 39239.

Microsoft Security Bulletin MS16-069:
A coding deficiency exists in Microsoft Jscript and VBScript that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39211 through 39212
and 39236 through 39237.

Microsoft Security Bulletin MS16-070:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39203 through 39204
and 39221 through 39224.

Microsoft Security Bulletin MS16-073:
A coding deficiency exists in Microsoft Kernel Mode Drivers that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39193 through 39196
and 39217 through 39218.

Microsoft Security Bulletin MS16-074:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39209 through 39210,
39260 through 39261, and 39266 through 39267.

Microsoft Security Bulletin MS16-075:
A coding deficiency exists in Microsoft Windows SMB Server that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39213 through 39216.

Microsoft Security Bulletin MS16-077:
A coding deficiency exists in Microsoft Web Proxy Autodiscovery (WPAD)
that may lead to an escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 39227.

Microsoft Security Bulletin MS16-078:
A coding deficiency exists in Microsoft Windows Diagnostic Hub that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39225 through 39226.

Talos has added and modified multiple rules in the browser-ie,
file-flash, file-image, file-office, file-other, malware-cnc,
os-windows, pua-toolbars and server-webapp rule sets to provide
coverage for emerging threats from these technologies.



In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!