Thursday, July 16, 2020

Snort rule update on July 16, 2020 — Additional coverage for Windows DNS vulnerability

Cisco Talos released a second rule update for SNORT® on Thursday, providing additional rules to cover a critical vulnerability in Windows DNS.

Microsoft first disclosed CVE-2020-1350 on Tuesday as part of its monthly security update. While there was one Snort rule released Tuesday to defend against the exploitation of this bug, we have since expanded our coverage with three new rules released today. The vulnerability received a severity score of 10 out of a maximum of 10. An adversary could exploit this bug to infect Windows servers with malware and create malicious DNS queries.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the and server-other rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the latest emerging threats.