Tuesday, April 9, 2019

Snort rule update for April 9, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for April 9, 2019

The newest SNORT® rule set is here from Cisco Talos. In this release, we introduced 80 new rules, eight of which are shared object rules. There are also 10 modified rules.

This release covers Microsoft Patch Tuesday, which included fixes for 74 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.
There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2019-0685: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49688 through 49689.

Microsoft Vulnerability CVE-2019-0730: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49692 through 49693.

Microsoft Vulnerability CVE-2019-0731: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49696 through 49697.

Microsoft Vulnerability CVE-2019-0732: A coding deficiency exists in Microsoft Windows that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49704 through 49705.

Microsoft Vulnerability CVE-2019-0735: A coding deficiency exists in Microsoft Windows CSRSS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49694 through 49695.

Microsoft Vulnerability CVE-2019-0752: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49702 through 49703.

Microsoft Vulnerability CVE-2019-0753: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49708 through 49709.

Microsoft Vulnerability CVE-2019-0793: A coding deficiency exists in MS XML that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-0794: A coding deficiency exists in OLE Automation that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-0796: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49718 through 49719.

Microsoft Vulnerability CVE-2019-0801: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49727 through 49745.

Microsoft Vulnerability CVE-2019-0803: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49712 through 49713.

Microsoft Vulnerability CVE-2019-0805: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49748 through 49749.

Microsoft Vulnerability CVE-2019-0806: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49716 through 49717.

Microsoft Vulnerability CVE-2019-0810: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49710 through 49711.

Microsoft Vulnerability CVE-2019-0812: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49698 through 49699.

Microsoft Vulnerability CVE-2019-0814: A coding deficiency exists in Microsoft Win32k that may lead to information disclosure.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45632 and 45635.

Microsoft Vulnerability CVE-2019-0822: A coding deficiency exists in Microsoft Graphics that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49700 through 49701.

Microsoft Vulnerability CVE-2019-0829: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49722 through 49723.

Microsoft Vulnerability CVE-2019-0836: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49720 through 49721.

Microsoft Vulnerability CVE-2019-0840: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49750 through 49751.

Microsoft Vulnerability CVE-2019-0844: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49754 through 49755.

Microsoft Vulnerability CVE-2019-0859: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49746 through 49747.

Microsoft Vulnerability CVE-2019-0860: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49706 through 49707.

Microsoft Vulnerability CVE-2019-0861: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0862: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49752 through 49753.

Talos also has added and modified multiple rules in the browser-ie, browser-plugins, file-executable, file-office, file-pdf, indicator-shellcode, malware-cnc, os-linux, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the most emerging threats.