Snort Rule Coverage for MS08-078
A critical vulnerability in Microsoft Internet Explorer, outlined in Microsoft Security Bulletin MS08-078, is covered by a previously released rule. The rule to detect attacks targeting this vulnerability was included in the release on 2008-12-11 and is identified with GID 1, SID
Rootkit takes advantage of MS08-078 vulnerability
On December 17 2008, Microsoft released security update MS08-078 to patch a vulnerability found in several versions of Microsoft Internet Explorer. The root cause for this vulnerability was found to be the incorrect handling of certain XML tags in Internet Explorer that reference
SPAN, The Heap, and esoteric memory buggery…
Have you ever heard someone say they needed a pointer that pointed to itself and was also a nop? Maybe one they could write to? No? Where are you hanging out? For the rest of you, I'll explain why this set of properties can be useful, and when you might want to make use of
Rule release for today
Today's VRT Certified Rule release has coverage for a vulnerability in Oracle Internet Directory and CUPS. There are also a few new rules added in chat.rules and others. Oracle Internet Directory Denial of Service (CVE-2008-2595): Oracle Internet Directory contains a program
Out of band Microsoft Security Advisory for Internet Explorer CVE-2008-4844 and SQL Server vulnerability CVE-2008-5416
Today, Microsoft released a security advisory for Internet Explorer. Microsoft SQL server also has a problem with a stored procedure. In response, we released some new rules to detect attacks against these two products. Details on the rules are here http://www.snort.org/vrt/advis
MS08-067 In The Wild
While sifting through my e-mail this morning, I saw a note from one of Sourcefire's European employees, asking if the VRT could take a look at some PCAPs pulled from a customer sensor - they'd triggered the rules for MS08-067, and our guy didn't think that they were f
OfficeCat Update
New advisories from Microsoft concerning Word. We've updated OfficeCat to provide coverage; more information on OfficeCat is here: http://www.snort.org/vrt/tools/officecat.html
Microsoft Tuesday Coverage for December
Today was a busy day, with lots of new rules and coverage for the following MS advisories: MS08-070, MS08-071, MS08-072, MS08-073, MS08-074, MS08-075, MS08-076, MS08-077. We have released rules for attack coverage, and you can find details at vrt-rules-2008-12-09.html
Twitter Feed Available
We now have a Twitter account where we are going to be micro-blogging our rule updates and blog posts. The feed can be found here: http://twitter.com/VRT_Sourcefire.