Cisco Talos Update for FireSIGHT Management Center

Date: 2019-05-14

This SRU number: 2019-05-14-001
Previous SRU number: 2019-05-08-001
Corresponding SEU number: 2012

Applies to:

SRU Change Summary:

Total new rules58
Total rule modifications2
Policy changeNo

Note: Rule updates are cumulative, so you do not need to install prior updates before installing this one. Also, because SEUs are cumulative, issues identified in previous SEUs can require your attention when you import the current SEU.

To review a cumulative list of recent feature updates and resolved issues since the last SEU you imported, use the link provided from this advisory on the Sourcefire Customer Support Site.

Synopsis:

Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-0707:
A coding deficiency exists in Microsoft Windows NDIS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50090 through 50091.

Microsoft Vulnerability CVE-2019-0758:
A coding deficiency exists in Microsoft Windows GDI that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50119 through 50120.

Microsoft Vulnerability CVE-2019-0863:
A coding deficiency exists in Microsoft Windows Error Reporting that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50115 through 50116.

Microsoft Vulnerability CVE-2019-0881:
A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50084 through 50085.

Microsoft Vulnerability CVE-2019-0882:
A coding deficiency exists in Microsoft Windows GDI that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50086 through 50087.

Microsoft Vulnerability CVE-2019-0884:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50074 through 50075.

Microsoft Vulnerability CVE-2019-0885:
A coding deficiency exists in Micrisoft Windows OLE that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50088 through 50089.

Microsoft Vulnerability CVE-2019-0903:
A coding deficiency exists in Micrisoft Windows GDI+ that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50121 through 50122.

Microsoft Vulnerability CVE-2019-0911:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50070 through 50071.

Microsoft Vulnerability CVE-2019-0918:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50072 through 50073.

Microsoft Vulnerability CVE-2019-0926:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50076 through 50077.

Microsoft Vulnerability CVE-2019-0930:
A coding deficiency exists in Microsoft Internet Explorer that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50082 through 50083.

Microsoft Vulnerability CVE-2019-0931:
A coding deficiency exists in Microsoft Windows Storage Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50068 through 50069.

Microsoft Vulnerability CVE-2019-0938:
A coding deficiency exists in Microsoft Edge that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50080 through 50081.

Microsoft Vulnerability CVE-2019-0940:
A coding deficiency exists in Microsoft Browser that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50078 through 50079.

Talos also has added and modified multiple rules in the browser-ie, file-image, file-office, file-other, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Importing an update:

You can view instructions for importing rule updates and SEUs on the Sourcefire Customer Support Site and in the user documentation for the Sourcefire 3D System.

Detailed instructions can be found on the Sourcefire Customer Support Site in the downloads section for each product.

For Assistance:

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

About Talos:

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.