Tuesday, May 12, 2020

Snort rule update for May 12, 2020 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 83 new rules, two modified rules and five new shared object rules.
There were no changes made to the snort.conf in this release.

Talos's rule release:

Microsoft Vulnerability CVE-2020-1035: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53918 through 53919.

Microsoft Vulnerability CVE-2020-1054: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53916 through 53917.

Microsoft Vulnerability CVE-2020-1058: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53924 through 53925.

Microsoft Vulnerability CVE-2020-1060: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53926 through 53927.

Microsoft Vulnerability CVE-2020-1062: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53928 through 53931.

Microsoft Vulnerability CVE-2020-1135: A coding deficiency exists in Microsoft Graphics Component that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53940 through 53941.

Microsoft Vulnerability CVE-2020-1143: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53932 through 53933.

Microsoft Vulnerability CVE-2020-1153: A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 53950 through 53951.

Talos has added and modified multiple rules in the browser-chrome, browser-ie, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other, malware-tools, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos's newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the latest emerging threats.