Snort Subscriber Rule Set Update for 07/11/2017
We welcome the introduction of the newest rule release from Talos. In this release we introduced 74 new rules of which 8 are Shared Object rules and made modifications to 7 additional rules of which 0 are Shared Object rules.
There were no changes made to the
snort.conf
in this release.Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.
Details:
Microsoft Vulnerability CVE-2017-0243:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 42755 through 42756.
Microsoft Vulnerability CVE-2017-8577:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43490 through 43491.
Microsoft Vulnerability CVE-2017-8578:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43473 through 43474.
Microsoft Vulnerability CVE-2017-8594:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43521 through 43522.
Microsoft Vulnerability CVE-2017-8598:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43469 through 43470.
Microsoft Vulnerability CVE-2017-8601:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43465 through 43466.
Microsoft Vulnerability CVE-2017-8605:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 42753 through 42754.
Microsoft Vulnerability CVE-2017-8617:
Microsoft Edge suffers from programming errors that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43460 through 43463.
Microsoft Vulnerability CVE-2017-8618:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43471 through 43472.
Microsoft Vulnerability CVE-2017-8619:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43492 through 43493.
Talos also has added and modified multiple rules in the browser-ie,
browser-other, browser-plugins, file-flash, file-other,
indicator-compromise, malware-cnc, os-windows, server-apache and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!