Snort Subscriber Rule Set Update for 12/12/2017
We welcome the introduction of the newest rule release from Talos. In this release we introduced 51 new rules of which 3 are Shared Object rules and made modifications to 34 additional rules of which 4 are Shared Object rules.
There were no changes made to the
snort.conf in this release.Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.
Details:
Microsoft Vulnerability CVE-2017-11885:
A coding deficiency exists in Windows RRAS Service that may lead to
remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45130 through 45131.
Microsoft Vulnerability CVE-2017-11886:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 37283 through 37284.
Microsoft Vulnerability CVE-2017-11888:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45121 through 45122.
Microsoft Vulnerability CVE-2017-11889:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 42749 through 42750.
Microsoft Vulnerability CVE-2017-11890:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45138 through 45139.
Microsoft Vulnerability CVE-2017-11893:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45162 through 45163.
Microsoft Vulnerability CVE-2017-11894:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45140 through 45141.
Microsoft Vulnerability CVE-2017-11895:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45142 through 45143.
Microsoft Vulnerability CVE-2017-11901:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45144 through 45145.
Microsoft Vulnerability CVE-2017-11903:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45146 through 45147.
Microsoft Vulnerability CVE-2017-11907:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45148 through 45149.
Microsoft Vulnerability CVE-2017-11909:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45150 through 45151.
Microsoft Vulnerability CVE-2017-11911:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45155 through 45156.
Microsoft Vulnerability CVE-2017-11913:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40132 through 40133.
Microsoft Vulnerability CVE-2017-11914:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45128 through 45129.
Microsoft Vulnerability CVE-2017-11916:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45169 through 45170.
Microsoft Vulnerability CVE-2017-11918:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45160 through 45161.
Microsoft Vulnerability CVE-2017-11930:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45167 through 45168.
Microsoft Vulnerability CVE-2017-11935:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45123 through 45124.
Microsoft Vulnerability CVE-2017-11937:
A coding deficiency exists in Microsoft Malware Protection Engine that
may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45152 through 45153.
Talos also has added and modified multiple rules in the
browser-firefox, browser-ie, browser-plugins, file-multimedia,
file-office, file-other, file-pdf, indicator-compromise, os-windows,
policy-other, protocol-snmp and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!