Wednesday, October 12, 2016

Snort Subscriber Rule Set Update for 10/11/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 10/11/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 86 new rules and made modifications to 18 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Security Bulletin MS16-118: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40364 through 40365, 40372 through 40375, 40378 through 40379, 40385 through 40386, 40396 through 40397, and 40420 through 40421.

Microsoft Security Bulletin MS16-119: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40366 through 40367, 40370 through 40371, 40383 through 40384, 40404 through 40405, 40420 through 40421, and 40423 through 40424.

Microsoft Security Bulletin MS16-120: A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 39824 through 39825.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 40408 through 40411 and 40425 through 40428.

Microsoft Security Bulletin MS16-121: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40368 through 40369.

Microsoft Security Bulletin MS16-123: A coding deficiency exists in a Microsoft Kernel mode driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40376 through 40377, 40380 through 40381, 40392 through 40393, and 40418 through 40419.

Microsoft Security Bulletin MS16-124: A coding deficiency exists in the Microsoft Windows Registry that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40394 through 40395, 40400 through 40403, and 40412 through 40413.

Microsoft Security Bulletin MS16-125: A coding deficiency exists in the Microsoft Diagnostic Hub that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40398 through 40399.

Microsoft Security Bulletin MS16-126: Microsoft Internet Explorer suffers from programming errors that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 40364 through 40365.

Talos has also added and modified multiple rules in the browser-firefox, browser-ie, browser-other, browser-plugins, deleted, exploit-kit, file-flash, file-identify, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, protocol-dns, protocol-ftp, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To get Talos's newest rule detection functionality now, you can subscribe for as low as $29 USD a year for personal users. Be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!