Just released:
Snort Subscriber Rule Set Update for May 14, 2019The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 53 new rules, five of which are shared object rules. There are also two modified rules.
This release covers Microsoft Patch Tuesday, which included fixes for 79 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.
There were no changes made to the
snort.conf
in this release.Talos's rule release:
Microsoft Vulnerability CVE-2019-0707: A coding deficiency exists in Microsoft Windows NDIS that may lead to an escalation of privilege.You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50090 through 50091.
Microsoft Vulnerability CVE-2019-0758: A coding deficiency exists in Microsoft Windows GDI that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50119 through 50120.
Microsoft Vulnerability CVE-2019-0863: A coding deficiency exists in Microsoft Windows Error Reporting that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50115 through 50116.
Microsoft Vulnerability CVE-2019-0881: A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50084 through 50085.
Microsoft Vulnerability CVE-2019-0882: A coding deficiency exists in Microsoft Windows GDI that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50086 through 50087.
Microsoft Vulnerability CVE-2019-0884: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50074 through 50075.
Microsoft Vulnerability CVE-2019-0885: A coding deficiency exists in Micrisoft Windows OLE that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50088 through 50089.
Microsoft Vulnerability CVE-2019-0903: A coding deficiency exists in Micrisoft Windows GDI+ that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50121 through 50122.
Microsoft Vulnerability CVE-2019-0911: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50070 through 50071.
Microsoft Vulnerability CVE-2019-0918: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50072 through 50073.
Microsoft Vulnerability CVE-2019-0926: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50076 through 50077.
Microsoft Vulnerability CVE-2019-0930: A coding deficiency exists in Microsoft Internet Explorer that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50082 through 50083.
Microsoft Vulnerability CVE-2019-0931: A coding deficiency exists in Microsoft Windows Storage Service that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50068 through 50069.
Microsoft Vulnerability CVE-2019-0938: A coding deficiency exists in Microsoft Edge that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50080 through 50081.
Microsoft Vulnerability CVE-2019-0940: A coding deficiency exists in Microsoft Browser that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50078 through 50079.
Talos also has added and modified multiple rules in the browser-ie, file-image, file-office, file-other, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.