The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.
For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.
In all, this release includes 22 new rules, four modified rules and one new shared object rule.
For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.
In all, this release includes 22 new rules, four modified rules and one new shared object rule.
There were no changes made to the
snort.conf
in this release.Talos's rule release:
Microsoft Vulnerability CVE-2020-0690: A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53414 through 53415.
Microsoft Vulnerability CVE-2020-0788: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 52213 through 52214.
Microsoft Vulnerability CVE-2020-0824: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53419 through 53420.
Microsoft Vulnerability CVE-2020-0832: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53402 through 53403.
Microsoft Vulnerability CVE-2020-0833: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53404 through 53405.
Microsoft Vulnerability CVE-2020-0847: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53416 through 53417.
Microsoft Vulnerability CVE-2020-0877: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53421 through 53424.
Microsoft Vulnerability CVE-2020-0887: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53408 through 53409.
Microsoft Vulnerability CVE-2020-0898: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53406 through 53407.
Talos also has added and modified multiple rules in the browser-ie, deleted, indicator-scan, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.