Header Only - DO NOT REMOVE - Extreme Networks

New Dragon signatures released 3/13/2019

  • 13 March 2019
  • 0 replies
  • 323 views

Userlevel 3
The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:

EDGE:CHAKRA-SCRIPT-CORRUPT-11
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0592&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388078110&sdata=M3dQx74RvQ1tmErbQepGaXb0r%2BtRcVBe%2F4YPxILHZl8%3D&reserved=0
REFERENCE: CVE
CVE-2019-0592


EDGE:CHAKRA-SCRIPT14
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0639&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388078110&sdata=S9K76TYeq2cx4ugL2D6JyY26y%2FtCb64Wy88tsBbSpqs%3D&reserved=0
REFERENCE: CVE
CVE-2019-0639


EDGE:SCRIPT-ENG-MEM-CORRUPT-109
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0769&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388078110&sdata=VrmGCkTH549b6KSBakAFIoSMnrqF7Y2Y20ZbTMumUk0%3D&reserved=0
REFERENCE: CVE
CVE-2019-0769


EDGE:SCRIPT-ENG-MEM-CORRUPT-110
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0770&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388078110&sdata=6HW8edr3%2FWKDP1oQOdUCURr7gOgZIUpuyBlMknWNvjk%3D&reserved=0
REFERENCE: CVE
CVE-2019-0770


EDGE:SCRIPT-ENG-MEM-CORRUPT-111
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0771&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388078110&sdata=SgRSt9Eo10bvf%2BOZhxtxFNrT0%2B0Eb9u1z5%2B8ahVRl7Q%3D&reserved=0
REFERENCE: CVE
CVE-2019-0771


EDGE:SCRIPT-ENG-MEM-CORRUPT-112
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0773&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388078110&sdata=3mimDL5QV8w%2Ftg%2BFsKIPtBmR%2BEwMcjuuHqdBL79%2BEO8%3D&reserved=0
REFERENCE: CVE
CVE-2019-0773


EDGE:SCRIPT-ENG-MEM-CORRUPT-113
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0609&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=cyfO7Tti9B3JrwYkloZGyLNxVwHUrdTFDh0in6k19bI%3D&reserved=0
REFERENCE: CVE
CVE-2019-0609


EDGE:SECURITY-FEATURE-BYPASS-3
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A security feature bypass exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0612&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=PdwnMj8Gfw8BQ1bVboh7xxa38R2QzrNvF5y4bCxJIjc%3D&reserved=0
REFERENCE: CVE
CVE-2019-0612


IE:MEMORY-CORRUPTION-RCE-345
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists when Microsoft Internet Explorer renders certain objects in memory. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0763&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=Cd2wp5MMqAvXHaSHpBBN9WadLTov5vwF9AnXhYD2JLI%3D&reserved=0
REFERENCE: CVE
CVE-2019-0763


IE:SCRIPTING-ENGINE-RCE-62
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0666&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=lpnzt2sGwtbX5%2BXepnUlUBJro8AVCe%2BVJOVr3ACl4Ps%3D&reserved=0
REFERENCE: CVE
CVE-2019-0666


IE:SCRIPTING-ENGINE-RCE-63
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0667&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=ofkSuzDIeg09%2B5Dq9FUdtleVImILD6EWdwjFhkD4bYw%3D&reserved=0
REFERENCE: CVE
CVE-2019-0667


IE:SCRIPTING-ENGINE-RCE-64
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0680&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=woJ1yQg7REE4g13%2B67wlgjUSqat9Sxdm4TuW7oIPfbY%3D&reserved=0
REFERENCE: CVE
CVE-2019-0680


IE:VBSCRIPT-SECURITY-BYPASS
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0768&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=XASsxK2KW%2FdqaObum0ICl1KnLHNwupC4ixYloB2ECp0%3D&reserved=0
REFERENCE: CVE
CVE-2019-0768


MS:SMB2-INFO-DISCLOSURE
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, an attacker would have to be able to authenticate and send SMB messages to an impacted Windows SMB Server The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0703&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=zsNmoeD1f1coW7BIzXEONDrVSxJ%2FkN58kTni%2B%2BFa2RY%3D&reserved=0
REFERENCE: CVE
CVE-2019-0703


MS:VBSCRIPT-ENGINE-RCE-5
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2019-0665&data=02%7C01%7Cjdudley%40extremenetworks.com%7C53c98c3047694e904a9108d6a76872dc%7Cfc8c2bf6914d4c1fb35246a9adb87030%7C0%7C0%7C636880464388088115&sdata=rn76Iud6h%2BcdQbwVasBjpcB1jDDkHftltNu1HZfQ5Uk%3D&reserved=0
REFERENCE: CVE
CVE-2019-0665

0 replies

Be the first to reply!

Reply