Snort Subscriber Rule Set Update for 08/14/2018
We welcome the introduction of the newest rule release from Talos. In this release we introduced 55 new rules of which 6 are Shared Object rules and made modifications to 10 additional rules of which 0 are Shared Object rules.
There were no changes made to the
snort.conf in this release.Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.
Details:
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47490 through 47491.
Microsoft Vulnerability CVE-2018-8344:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47519 through 47520.
Microsoft Vulnerability CVE-2018-8345:
A coding deficiency exists in Microsoft LNK that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47476 through 47477.
Microsoft Vulnerability CVE-2018-8353:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45877 through 45878.
Microsoft Vulnerability CVE-2018-8355:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47492 through 47493.
Microsoft Vulnerability CVE-2018-8371:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.
Microsoft Vulnerability CVE-2018-8372:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47478 through 47479.
Microsoft Vulnerability CVE-2018-8376:
A coding deficiency exists in Microsoft PowerPoint that may lead to
remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47482 through 47483.
Microsoft Vulnerability CVE-2018-8379:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47495 through 47496.
Microsoft Vulnerability CVE-2018-8383:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47474 through 47475.
Microsoft Vulnerability CVE-2018-8384:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47480 through 47481.
Microsoft Vulnerability CVE-2018-8387:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47486 through 47487.
Microsoft Vulnerability CVE-2018-8389:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47484 through 47485.
Microsoft Vulnerability CVE-2018-8401:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47517 through 47518.
Microsoft Vulnerability CVE-2018-8403:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47488 through 47489.
Microsoft Vulnerability CVE-2018-8404:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47503 through 47504.
Microsoft Vulnerability CVE-2018-8405:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47515 through 47516.
Microsoft Vulnerability CVE-2018-8406:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47512 through 47513.
Microsoft Vulnerability CVE-2018-8414:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46999 through 47002.
Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-office, file-other, indicator-compromise,
malware-cnc, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!