Tuesday, February 12, 2019

Snort rule update for Feb. 12, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Feb. 12, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 50 new rules, none of which are shared object rules. There are also eight modified rules, including two that are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 49 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.
There were no changes made to the snort.conf in this release.

Talos's rule release:

Microsoft Vulnerability CVE-2019-0590: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49128 through 49129.

Microsoft Vulnerability CVE-2019-0591: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49134 through 49135.

Microsoft Vulnerability CVE-2019-0593: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49130 through 49131.

Microsoft Vulnerability CVE-2019-0606: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49144 through 49145.

Microsoft Vulnerability CVE-2019-0607: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49149 through 49150.

Microsoft Vulnerability CVE-2019-0610: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49140 through 49141.

Microsoft Vulnerability CVE-2019-0621: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49172 through 49173.

Microsoft Vulnerability CVE-2019-0628: A coding deficiency exists in Microsoft Win32k that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49180 through 49181.

Microsoft Vulnerability CVE-2019-0630: A coding deficiency exists in Microsoft SMB that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 49146.

Microsoft Vulnerability CVE-2019-0633: A coding deficiency exists in Microsoft SMB that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49174 through 49177.

Microsoft Vulnerability CVE-2019-0636: A coding deficiency exists in Microsoft Windows that may lead to information disclosure.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48799 through 48800.

Microsoft Vulnerability CVE-2019-0640: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49153 through 49154.

Microsoft Vulnerability CVE-2019-0642: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49169 through 49170.

Microsoft Vulnerability CVE-2019-0644: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49151 through 49152.

Microsoft Vulnerability CVE-2019-0645: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49142 through 49143.

Microsoft Vulnerability CVE-2019-0648: A coding deficiency exists in Microsoft Scripting Engine that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49157 through 49158.

Microsoft Vulnerability CVE-2019-0650: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49147 through 49148.

Microsoft Vulnerability CVE-2019-0651: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49138 through 49139.

Microsoft Vulnerability CVE-2019-0652: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49136 through 49137.

Microsoft Vulnerability CVE-2019-0655: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49167 through 49168.

Microsoft Vulnerability CVE-2019-0656: A coding deficiency exists in Microsoft Windows Kernel that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49159 through 49160.

Microsoft Vulnerability CVE-2019-0658: A coding deficiency exists in Microsoft Scripting Engine that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49165 through 49166.

Microsoft Vulnerability CVE-2019-0661: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49161 through 49162.

Microsoft Vulnerability CVE-2019-0669: A coding deficiency exists in Microsoft Excel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49132 through 49133.

Microsoft Vulnerability CVE-2019-0676: A coding deficiency exists in Microsoft Internet Explorer that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49155 through 49156.

Talos also has added and modified multiple rules in the browser-ie, file-office, file-other, file-pdf, indicator-compromise, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats

No comments:

Post a Comment