The following NIDS signature updates are available via liveupdate for Dragon versions 7.x/8.x:
EDGE:CHAKRA-SCRIPT-CORRUPT-18
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0992
REFERENCE: CVE
CVE-2019-0992
EDGE:CHAKRA-SCRIPT-CORRUPT-19
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0993
REFERENCE: CVE
CVE-2019-0993
EDGE:CHAKRA-SCRIPT-CORRUPT-20
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1002
REFERENCE: CVE
CVE-2019-1002
EDGE:CHAKRA-SCRIPT-CORRUPT-21
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1003
REFERENCE: CVE
CVE-2019-1003
EDGE:CHAKRA-SCRIPT-CORRUPT-22
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1024
REFERENCE: CVE
CVE-2019-1024
EDGE:CHAKRA-SCRIPT-CORRUPT-23
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1051
REFERENCE: CVE
CVE-2019-1051
EDGE:CHAKRA-SCRIPT-CORRUPT-24
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1052
REFERENCE: CVE
CVE-2019-1052
EDGE:INFO-DISCLOSURE14
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: An information disclosure vulnerability exists when a Microsoft browser incorrectly handles objects in memory. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0990
REFERENCE: CVE
CVE-2019-0990
EDGE:INFO-DISCLOSURE15
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1023
REFERENCE: CVE
CVE-2019-1023
EDGE:SCRIPT-ENG-MEM-CORRUPT-114
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0989
REFERENCE: CVE
CVE-2019-0989
EDGE:SCRIPT-ENG-MEM-CORRUPT-115
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0991
REFERENCE: CVE
CVE-2019-0991
IE:SCRIPTING-ENGINE-RCE-66
UPDATE-TYPE: Modified Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752
REFERENCE: CVE
CVE-2019-0752
IE:SCRIPTING-ENGINE-RCE-71
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0988
REFERENCE: CVE
CVE-2019-0988
IE:SCRIPTING-ENGINE-RCE-72
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1005
REFERENCE: CVE
CVE-2019-1005
IE:SCRIPTING-ENGINE-RCE-73
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0920
REFERENCE: CVE
CVE-2019-0920
IE:SCRIPTING-ENGINE-RCE-74
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1055
REFERENCE: CVE
CVE-2019-1055
MS:RDP-EXPLOIT-ATTEMPT5
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft has released a patch for this vulnerability. The vulnerability affects Windows 7 and Windows Server 2008. An exploit PoC exists for this vulnerability, with the potential to be wormable.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
REFERENCE: CVE
CVE-2019-0708
MS:SPEECHAPI-RCE
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. This signature requires the HTTP:PDF-FILE-DOWNLOAD signature to be enabled to work. Microsoft has released a patch for this vulnerability.
REFERENCE: URLREF
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0985
REFERENCE: CVE
CVE-2019-0985