The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.
For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.
In all, this release includes 22 new rules, four modified rules and one new shared object rule.
For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.
In all, this release includes 22 new rules, four modified rules and one new shared object rule.
There were no changes made to the
snort.conf
in this release.Talos's rule release:
Microsoft Vulnerability CVE-2020-0784: A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53621 through 53622.
Microsoft Vulnerability CVE-2020-0888: A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53625 through 53626.
Microsoft Vulnerability CVE-2020-0938: A coding deficiency exists in OpenType Font Parsing that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 53489 through 53490.
Microsoft Vulnerability CVE-2020-0956: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53652 through 53653.
Microsoft Vulnerability CVE-2020-0957: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53654 through 53655.
Microsoft Vulnerability CVE-2020-0958: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53627 through 53628.
Microsoft Vulnerability CVE-2020-0968: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53623 through 53624.
Microsoft Vulnerability CVE-2020-1004: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53619 through 53620.
Microsoft Vulnerability CVE-2020-1020: A coding deficiency exists in Adobe Font Manager Library that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 53491 through 53492.
Microsoft Vulnerability CVE-2020-1027: A coding deficiency exists in Microsoft Windows Kernel that may lead to elevation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53629 through 53630.
Talos also has added and modified multiple rules in the browser-ie, deleted, file-flash, file-image, file-multimedia, file-office, file-other, indicator-compromise, malware-cnc, malware-other, malware-tools, os-linux, os-other, os-windows, protocol-dns, protocol-other and server-samba rule sets to provide coverage for emerging threats from these technologies.