Snort Subscriber Rule Set Update for 08/09/2016
We welcome the introduction of the newest rule release from Talos. In this release we introduced 38 new rules and made modifications to 4 additional rules.
There were no changes made to the
snort.conf in this release.Talos's rule release:
Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.
Details:
Microsoft Security Bulletin MS16-095:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39810 through 39813,
39820 through 39823, 39826 through 39829, 39833 through 39834, and
39839 through 39840.
Microsoft Security Bulletin MS16-096:
A coding deficiency exists in Microsoft Edge that may lead to remove
code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 25459 through 25460.
New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 39810
through 39811, 39822 through 39823, and 39833 through 39834.
Microsoft Security Bulletin MS16-097:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remove code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39824 through 39825
and 39843 through 39844.
Microsoft Security Bulletin MS16-098:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may
lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39808 through 39809,
39814 through 39815, and 39841 through 39842.
Microsoft Security Bulletin MS16-099:
A coding deficiency exists in Microsoft Office that may lead to remove
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 39816 through 39817,
39831 through 39832, and 39835 through 39838.
Microsoft Security Bulletin MS16-102:
A coding deficiency exists in Microsoft Windows PDF library that may
lead to remove code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 25459 through 25460.
Talos has added and modified multiple rules in the browser-ie,
file-office, file-pdf and os-windows rule sets to provide coverage for
emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!