Tuesday, October 9, 2018

Snort rule update for Oct. 9 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Oct. 9, 2018

The newest SNORTⓇ rule set from Cisco Talos is here, covering the numerous vulnerabilities disclosed as part of Microsoft Patch Tuesday.

In this release, we introduced 29 new rules, of which four are shared object rules. There are no modified rules.

If you would like to know more about the monthly security update from Microsoft, visit the Talos blog here.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2010-3190: A coding deficiency exists in MFC that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 18619 through 18623 and 18625 through 18629.

Microsoft Vulnerability CVE-2018-8333: A coding deficiency exists in Microsoft Filter Manager that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48055 through 48056.

Microsoft Vulnerability CVE-2018-8411: A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48057 through 48058.

Microsoft Vulnerability CVE-2018-8413: A coding deficiency exists in Microsoft Windows Theme API that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48059 through 48060.

Microsoft Vulnerability CVE-2018-8423: A coding deficiency exists in Microsoft JET Database Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 47885 through 47888.

Microsoft Vulnerability CVE-2018-8453: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48072 through 48073.

Microsoft Vulnerability CVE-2018-8460: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48045 through 48046.

Microsoft Vulnerability CVE-2018-8486: A coding deficiency exists in DirectX Graphics Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48047 through 48048.

Microsoft Vulnerability CVE-2018-8491: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48049 through 48050.

Microsoft Vulnerability CVE-2018-8492: A coding deficiency exists in Microsoft Device Guard that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48062 through 48063.

Microsoft Vulnerability CVE-2018-8495: A coding deficiency exists in Microsoft Windows Shell that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48053 through 48054.

Microsoft Vulnerability CVE-2018-8505: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48051 through 48052.

Talos also has added and modified multiple rules in the browser-ie, file-executable, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

No comments:

Post a Comment