Rule release for today - March 17th 2009
We've been busy updating some rules and adding extras, lots of changes to a lot of rules. Mostly a maintenance release with some new scada rules. The scada rule set now includes support for OMRON FINS. Additionally, multiple rules in the specific-threats and content-replace
Microsoft Tuesday Coverage for March MS09-006, MS09-008
Microsoft Security Bulletin MS09-006: A programming error in the Microsoft Windows kernel may allow a remote attacker to execute code with system-level privileges. This may be exploited when specially crafted EMF files are viewed using Microsoft Internet Explorer. A rule to dete
Rule release for today - March 3rd 2009
Specific threats, ActiveX and web-client have new rules. Major rule updates to other, older rules. Details: http://www.snort.org/vrt/advisories/vrt-rules-2009-03-03.html
Rule release for today - February 27th 2009
We've been busy again... Microsoft Excel Code Execution (CVE-2009-0238): Microsoft Excel contains a programming error that may allow a remote attacker to execute code on a vulnerable system. The problem occurs when Excel attempts to process a specially crafted document with
Conficker variant B - Still detected
As with all malware, variants eventually float to the surface of the threat landscape. Conficker is no different. The latest variant, imaginatively named Conficker B, still uses the same propagation methods the original used. That is, it still attempts to exploit the vulnerability
Adobe Acrobat and Reader Buffer Overflow Snort Rules
As promised earlier this evening we are releasing rules to detect attacks targeting this vulnerability. More rule details are available at http://www.snort.org/vrt/advisories/vrt-rules-2009-02-20.html Ur welcom.
Dcerpc2 Ruleset Now Available
Now that Snort 2.8.4 RC-1 has been released, we at the VRT have been busy putting together a special rules file for use with this version of Snort and the new dcerpc pre-processor. We would like your assistance in testing this ruleset, the new version of Snort and the dcerpc
Microsoft Tuesday Coverage for February MS09-002, MS09-003, MS09-004, MS09-005
Four Microsoft Advisories to cover this month; fortunately, one of them was released in December, so that left three... Microsoft Security Advisory MS09-002: Microsoft Internet Explorer contains programming errors that may allow a remote attacker to execute code on a vulnerable s
Important Snort rule changes and the new dcerpc preprocessor
In the very near future, the release of Snort 2.8.4 is going to bring about some major changes to the way that NetBIOS traffic is handled. This is because of the new dcerpc preprocessor. This preprocessor handles all the decoding functions that were previously taken care of usin