Tuesday, February 13, 2018

Snort Subscriber Rule Set Update for 02/13/2018, Snort 3 official ruleset!

Just released:
Snort Subscriber Rule Set Update for 02/13/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 51 new rules of which 2 are Shared Object rules and made modifications to 7 additional rules of which 1 are Shared Object rules.

This release also marks the first official release of the registered and subscriber rulesets for Snort 3.0

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0742:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45649 through 45650.

Microsoft Vulnerability CVE-2018-0756:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45632 through 45635.

Microsoft Vulnerability CVE-2018-0825:
A coding deficiency exists in Microsoft StructuredQuery that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45624 through 45625.

Microsoft Vulnerability CVE-2018-0834:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45626 through 45629.

Microsoft Vulnerability CVE-2018-0835:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0837:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0838:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0840:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0841:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45654 through 45655.

Microsoft Vulnerability CVE-2018-0842:
A coding deficiency exists in Microsoft Windows that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45656 through 45657.

Microsoft Vulnerability CVE-2018-0844:
A coding deficiency exists in Microsoft Windows Common Log File System
(CLFS) driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45630 through 45631.

Microsoft Vulnerability CVE-2018-0846:
A coding deficiency exists in Microsoft Windows Common Log File System
(CLFS) driver that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40691 through 40692.

Microsoft Vulnerability CVE-2018-0858:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45659 through 45660.

Microsoft Vulnerability CVE-2018-0860:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45628 through 45629
and 45636 through 45637.

Microsoft Vulnerability CVE-2018-0866:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45673 through 45674.

Talos also has added and modified multiple rules in the browser-ie,
exploit-kit, file-office, file-other, file-pdf, malware-cnc,
os-windows, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!