Cisco Talos Update for FireSIGHT Management Center

Date: 2019-06-11

This SRU number: 2019-06-10-001
Previous SRU number: 2019-06-05-003
Corresponding SEU number: 2031

Applies to:

SRU Change Summary:

Total new rules68
Total rule modifications15
Policy changeNo

Note: Rule updates are cumulative, so you do not need to install prior updates before installing this one. Also, because SEUs are cumulative, issues identified in previous SEUs can require your attention when you import the current SEU.

To review a cumulative list of recent feature updates and resolved issues since the last SEU you imported, use the link provided from this advisory on the Sourcefire Customer Support Site.

Synopsis:

Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-0920:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50373 through 50374.

Microsoft Vulnerability CVE-2019-0943:
A coding deficiency exists in Microsoft Windows ALPC that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50413 through 50414.

Microsoft Vulnerability CVE-2019-0959:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50371 through 50372.

Microsoft Vulnerability CVE-2019-0984:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50411 through 50412.

Microsoft Vulnerability CVE-2019-0985:
A coding deficiency exists in Microsoft Speech API that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50393 through 50394.

Microsoft Vulnerability CVE-2019-0986:
A coding deficiency exists in Microsoft Windows User Profile Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50369 through 50370.

Microsoft Vulnerability CVE-2019-0988:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50405 through 50406.

Microsoft Vulnerability CVE-2019-0989:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50407 through 50408.

Microsoft Vulnerability CVE-2019-0990:
A coding deficiency exists in Microsoft Scripting Engine that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50357 through 50358.

Microsoft Vulnerability CVE-2019-0991:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50403 through 50404.

Microsoft Vulnerability CVE-2019-0992:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0993:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50401 through 50402.

Microsoft Vulnerability CVE-2019-1002:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50399 through 50400.

Microsoft Vulnerability CVE-2019-1003:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50395 through 50396.

Microsoft Vulnerability CVE-2019-1005:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50397 through 50398.

Microsoft Vulnerability CVE-2019-1017:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50363 through 50364.

Microsoft Vulnerability CVE-2019-1023:
A coding deficiency exists in Microsoft Scripting Engine that may lead to information disclosure.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 44813 through 44814.

Microsoft Vulnerability CVE-2019-1024:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50361 through 50362.

Microsoft Vulnerability CVE-2019-1041:
A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50365 through 50366.

Microsoft Vulnerability CVE-2019-1051:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50359 through 50360.

Microsoft Vulnerability CVE-2019-1052:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1053:
A coding deficiency exists in Microsoft Windows Shell that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 50183 through 50184.

Microsoft Vulnerability CVE-2019-1055:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50367 through 50368.

Microsoft Vulnerability CVE-2019-1064:
A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 50198 through 50199.

Microsoft Vulnerability CVE-2019-1065:
A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50375 through 50376.

Microsoft Vulnerability CVE-2019-1069:
A coding deficiency exists in Microsoft Windows Task Scheduler that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 50162 through 50163.

Talos also has added and modified multiple rules in the browser-ie, file-pdf, indicator-compromise, malware-cnc, malware-other, malware-tools, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Importing an update:

You can view instructions for importing rule updates and SEUs on the Sourcefire Customer Support Site and in the user documentation for the Sourcefire 3D System.

Detailed instructions can be found on the Sourcefire Customer Support Site in the downloads section for each product.

For Assistance:

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

About Talos:

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.