Tuesday, March 12, 2019

Snort rule update for March 12, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Feb. 12, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 38 new rules and four shared object rules. There are also 16 modified rules, none of which are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 64 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.
There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2019-0592: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49368 through 49369.

Microsoft Vulnerability CVE-2019-0609: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49394 through 49395.

Microsoft Vulnerability CVE-2019-0612: Microsoft Edge suffers from programming errors that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49371 through 49372.

Microsoft Vulnerability CVE-2019-0639: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49382 through 49383.

Microsoft Vulnerability CVE-2019-0665: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49364 through 49365.

Microsoft Vulnerability CVE-2019-0666: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46554 through 46555.

Microsoft Vulnerability CVE-2019-0667: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49386 through 49387.

Microsoft Vulnerability CVE-2019-0680: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49388 through 49389.

Microsoft Vulnerability CVE-2019-0703: A coding deficiency exists in Microsoft SMB that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49366 through 49367.

Microsoft Vulnerability CVE-2019-0755: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49392 through 49393.

Microsoft Vulnerability CVE-2019-0763: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49384 through 49385.

Microsoft Vulnerability CVE-2019-0767: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 49172 through 49173.

Microsoft Vulnerability CVE-2019-0768: Microsoft Internet Explorer suffers from programming errors that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49378 through 49379.

Microsoft Vulnerability CVE-2019-0769: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-0770: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49388 through 49389.

Microsoft Vulnerability CVE-2019-0771: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-0773: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0775: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49390 through 49391.

Microsoft Vulnerability CVE-2019-0797: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49400 through 49401.

Microsoft Vulnerability CVE-2019-0808: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49402 through 49403.

Talos also has added and modified multiple rules in the browser-ie, file-office, indicator-compromise, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats

No comments:

Post a Comment