New IPS/IDS signature release

  • 0
  • 1
  • Article
  • Updated 9 months ago

The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

 

EDGE:MEMORY-CORRUPTION-RCE-42

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731

REFERENCE: CVE

CVE-2017-8731

 

 

EDGE:MEMORY-CORRUPTION-RCE-43

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8734

REFERENCE: CVE

CVE-2017-8734

 

 

EDGE:MEMORY-CORRUPTION-RCE-44

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge renders certain objects in memory. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757

REFERENCE: CVE

CVE-2017-8757

 

 

EDGE:SCRIPT-ENG-MEM-CORRUPT-40

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.  Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8738

REFERENCE: CVE

CVE-2017-8738

 

 

EDGE:SCRIPT-ENG-MEM-CORRUPT-41

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Edge renders certain objects in memory. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8753

REFERENCE: CVE

CVE-2017-8753

 

 

IE:MEMORY-CORRUPTION-RCE-330

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code injection vulnerability exists when Microsoft Internet Explorer incorrectly accesses certain objects in memory. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8747

REFERENCE: CVE

CVE-2017-8747

 

 

IE:MEMORY-CORRUPTION-RCE-331

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code injection vulnerability exists when Microsoft Internet Explorer incorrectly accesses certain objects in memory. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8749

REFERENCE: CVE

CVE-2017-8749

 

 

IE:MEMORY-CORRUPTION-RCE-332

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code injection vulnerability exists when Microsoft browsers incorrectly access certain objects in memory. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8750

REFERENCE: CVE

CVE-2017-8750

 

 

MS:DOTNET-REMOTE-CODE-VULN

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. Microsoft has released a patch for this vulnerability.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759

REFERENCE: CVE

CVE-2017-8759

 

 

MS:PDF-LIBRARY-2

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. Microsoft has released a patch  for this vulnerability. This signature tests for the "pdf.download" FlowTag being set before generating an event on network traffic. This FlowTag is defined by the HTTP:PDF-FILE-DOWNLOAD signature, which is required for this signature to generate an event.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8728

REFERENCE: CVE

CVE-2017-8728

 

 

MS:PDF-LIBRARY-3

UPDATE-TYPE: New Signature

CLASSIFICATION: BETA

DESCRIPTION: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. Microsoft has released a patch  for this vulnerability. This signature tests for the "pdf.download" FlowTag being set before generating an event on network traffic. This FlowTag is defined by the HTTP:PDF-FILE-DOWNLOAD signature, which is required for this signature to generate an event.

REFERENCE: URLREF

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8737

REFERENCE: CVE

CVE-2017-8737

Photo of Dudley, Jeff

Dudley, Jeff, Employee

  • 914 Points 500 badge 2x thumb

Posted 9 months ago

  • 0
  • 1

Be the first to post a reply!