Cisco Rules Update for Sourcefire 3D System

Date: 2018-07-10

This SRU number: 2018-07-10-001
Previous SRU number: 2018-07-05-002
Corresponding SEU number: 1880

Applies to:

SRU Change Summary:

Total new rules54
Total rule modifications11
Policy changeNo

Note: Rule updates are cumulative, so you do not need to install prior updates before installing this one. Also, because SEUs are cumulative, issues identified in previous SEUs can require your attention when you import the current SEU.

To review a cumulative list of recent feature updates and resolved issues since the last SEU you imported, use the link provided from this advisory on the Sourcefire Customer Support Site.

Synopsis:

Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2018-0949:
Microsoft Internet Explorer suffers from programming errors that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47091 through 47092.

Microsoft Vulnerability CVE-2018-8125:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47117 through 47118.

Microsoft Vulnerability CVE-2018-8242:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8262:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47113 through 47114.

Microsoft Vulnerability CVE-2018-8274:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47107 through 47108.

Microsoft Vulnerability CVE-2018-8275:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47100 through 47101.

Microsoft Vulnerability CVE-2018-8278:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47119 through 47120.

Microsoft Vulnerability CVE-2018-8279:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47098 through 47099.

Microsoft Vulnerability CVE-2018-8282:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47096 through 47097.

Microsoft Vulnerability CVE-2018-8283:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47121 through 47122.

Microsoft Vulnerability CVE-2018-8288:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8289:
Microsoft Edge suffers from programming errors that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47111 through 47112.

Microsoft Vulnerability CVE-2018-8291:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47109 through 47110.

Microsoft Vulnerability CVE-2018-8296:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8297:
Microsoft Edge suffers from programming errors that may lead to information disclosure.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8298:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47102 through 47103.

Microsoft Vulnerability CVE-2018-8324:
Microsoft Edge suffers from programming errors that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47141 through 47142.

Importing an update:

You can view instructions for importing rule updates and SEUs on the Sourcefire Customer Support Site and in the user documentation for the Sourcefire 3D System.

Detailed instructions can be found on the Sourcefire Customer Support Site in the downloads section for each product.

For Assistance:

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

About Talos:

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.