New Dragon Signature release 1/9/2019

    Posted 01-09-2019 13:12
    The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

    EDGE:CHAKRA-SCRIPT12
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0539
    REFERENCE: CVE
    CVE-2019-0539


    EDGE:CHAKRA-SCRIPT13
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0567
    REFERENCE: CVE
    CVE-2019-0567


    EDGE:MEMORY-CORRUPTION-RCE-58
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0565
    REFERENCE: CVE
    CVE-2019-0565


    EDGE:PRIVILEGE-ESCALATION
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. An attacker who successfully exploited the vulnerability could use the Browser Broker COM object to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0566
    REFERENCE: CVE
    CVE-2019-0566


    EDGE:SCRIPT-ENG-MEM-CORRUPT-96
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568
    REFERENCE: CVE
    CVE-2019-0568


    IE:MSHTML-REMOTE-CODE
    UPDATE-TYPE: New Signature
    CLASSIFICATION: BETA
    DESCRIPTION: A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
    REFERENCE: URLREF
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541
    REFERENCE: CVE
    CVE-2019-0541