Tuesday, December 11, 2018

Snort rule update for Dec. 11, 2018 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Dec. 11, 2018

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 55 new rules, including 10 that are shared object rules. There are also three modified rules, none of which are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 38 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2018-8583: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48515 through 48516.

Microsoft Vulnerability CVE-2018-8617: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2018-8618: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48509 through 48510.

Microsoft Vulnerability CVE-2018-8619: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48531 through 48532.

Microsoft Vulnerability CVE-2018-8624: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48517 through 48518.

Microsoft Vulnerability CVE-2018-8629: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48513 through 48514.

Microsoft Vulnerability CVE-2018-8631: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48533 through 48534.

Microsoft Vulnerability CVE-2018-8634: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48519 through 48520.

Cisco Talos would like to thank Symantec and the Cyber Threat Alliance for working with us to protect our users from Seedworm, rules are identified with GID 1, SIDs 48559 through 48562.

Talos also has added and modified multiple rules in the browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, file-flash, file-identify, file-other, file-pdf, malware-cnc, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.

No comments:

Post a Comment