Tuesday, August 11, 2020

Snort rule update for Aug. 11, 2020 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities included in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 55 new rules, 76 modified rules and seven new shared object rules.
There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2020-1380: A coding deficiency exists in Microsoft Windows Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54743 through 54744.
Microsoft Vulnerability CVE-2020-1480: A coding deficiency exists in Microsoft Windows GDI that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54745 through 54746.
Microsoft Vulnerability CVE-2020-1529: A coding deficiency exists in Microsoft Windows GDI that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54737 through 54738.
Microsoft Vulnerability CVE-2020-1566: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54765 through 54766.
Microsoft Vulnerability CVE-2020-1567: A coding deficiency exists in Microsoft Windows MSHTML Engine that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54741 through 54742.
Microsoft Vulnerability CVE-2020-1570: A coding deficiency exists in Microsoft Windows Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54739 through 54740.
Microsoft Vulnerability CVE-2020-1578: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54753 through 54754.
Microsoft Vulnerability CVE-2020-1584: A coding deficiency exists in Microsoft Windows dnsrslvr.dll that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54735 through 54736.
Microsoft Vulnerability CVE-2020-1587: A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 54733 through 54734.
Talos also has added and modified multiple rules in the browser-ie, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, os-other, os-windows, policy-other, protocol-scada, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Stay up to date to catch the latest emerging threats.