Snort Subscriber Rule Set Update for 07/10/2018, Microsoft
We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules, of which 1 is a Shared Object rule, and made modifications to 13 additional rules, of which 0 are Shared Object rules.
There were no changes made to the snort.conf in this release.
Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:
Yaser Mansour: 47093, 47094, 47095
Talos's rule release:
Details:
Microsoft Vulnerability CVE-2018-0949:
Microsoft Internet Explorer suffers from programming errors that may
lead to a security feature bypass.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47091 through 47092.
Microsoft Vulnerability CVE-2018-8125:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47117 through 47118.
Microsoft Vulnerability CVE-2018-8242:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.
Microsoft Vulnerability CVE-2018-8262:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47113 through 47114.
Microsoft Vulnerability CVE-2018-8274:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47107 through 47108.
Microsoft Vulnerability CVE-2018-8275:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47100 through 47101.
Microsoft Vulnerability CVE-2018-8278:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47119 through 47120.
Microsoft Vulnerability CVE-2018-8279:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47098 through 47099.
Microsoft Vulnerability CVE-2018-8282:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47096 through 47097.
Microsoft Vulnerability CVE-2018-8283:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47121 through 47122.
Microsoft Vulnerability CVE-2018-8288:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.
Microsoft Vulnerability CVE-2018-8289:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47111 through 47112.
Microsoft Vulnerability CVE-2018-8291:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47109 through 47110.
Microsoft Vulnerability CVE-2018-8296:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.
Microsoft Vulnerability CVE-2018-8297:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45121 through 45122.
Microsoft Vulnerability CVE-2018-8298:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47102 through 47103.
Microsoft Vulnerability CVE-2018-8324:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47141 through 47142.
To get Talos's newest rule detection functionality now, you can subscribe for as low as $29 US a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!