Tuesday, January 8, 2019

Snort rule update for Jan. 8, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Jan. 8, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 50 new rules, none of which are shared object rules. There are also eight modified rules, including two that are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 49 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.
There were no changes made to the snort.conf in this release.

Talos's rule release:

Microsoft Vulnerability CVE-2019-0539: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48772 through 48773. 
Microsoft Vulnerability CVE-2019-0541: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48782 through 48783. 
Microsoft Vulnerability CVE-2019-0543: A coding deficiency exists in Microsoft Windows that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48807 through 48808. 
Microsoft Vulnerability CVE-2019-0552: A coding deficiency exists in Microsoft Windows COM that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48787 through 48788. 
Microsoft Vulnerability CVE-2019-0555: A coding deficiency exists in Microsoft XmlDocument that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48795 through 48798. 
Microsoft Vulnerability CVE-2019-0565: A coding deficiency exists in Microsoft Edge that may lead to remote code execution. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48770 through 48771. 
Microsoft Vulnerability CVE-2019-0566: A coding deficiency exists in Microsoft Edge that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48809 through 48810. 
Microsoft Vulnerability CVE-2019-0567: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48780 through 48781. 
Microsoft Vulnerability CVE-2019-0568: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48778 through 48779. 
Microsoft Vulnerability CVE-2019-0569: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48789 through 48790. 
Microsoft Vulnerability CVE-2019-0572: A coding deficiency exists in Microsoft Windows Data Sharing Service that may lead to elevation of privilege. 
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 48776 and 48777. 
Microsoft Vulnerability CVE-2019-0573: A coding deficiency exists in Microsoft Windows Data Sharing Service that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48793 through 48794. 
Microsoft Vulnerability CVE-2019-0574: A coding deficiency exists in Microsoft Windows Data Sharing Service that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48768 through 48769. 
Talos also has added and modified multiple rules in the browser-ie, file-executable, file-other, file-pdf, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats

No comments:

Post a Comment