This SEU number: 1668
Previous SEU number: 1666
Corresponding SRU number: 2017-05-09-001
Applies to:
| Component | Change |
|---|---|
| Total new rules | 73 |
| Total rule modifications | 5 |
| Policy change | Yes |
| Online help change | No |
| Detection Engine change | No |
| User Interface change | No |
Note: SEU packages are cumulative. The installation of prior SEU packages is not required before installing the current package.
WARNING: The time taken to install the latest SEU will depend on the last time the 3D System was updated with an SEU. Installing SEUs weekly can help lessen the installation time. Additionally, SEUs require 50 Megabytes of free space in /tmp and 250 Megabytes of free space in /var to install successfully.
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.
Microsoft Vulnerability CVE-2017-0290:
Microsoft Malware Protection Engine suffers from a programming error that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42820 through 42821.
Microsoft Vulnerability CVE-2017-0077:
A coding deficiency exists in Microsoft Win32k that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42757 through 42758.
Microsoft Vulnerability CVE-2017-0171:
A coding deficiency exists in Microsoft Windows DNS that may lead to a Denial of Service (DoS).
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 42785.
Microsoft Vulnerability CVE-2017-0213:
A coding deficiency exists in Microsoft Windows COM that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42773 through 42774.
Microsoft Vulnerability CVE-2017-0214:
A coding deficiency exists in Microsoft Windows COM that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42759 through 42760.
Microsoft Vulnerability CVE-2017-0220:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42751 through 42752.
Microsoft Vulnerability CVE-2017-0221:
Microsoft Edge suffers from programming errors that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42798 through 42799.
Microsoft Vulnerability CVE-2017-0227:
Microsoft Edge suffers from programming errors that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42779 through 42780.
Microsoft Vulnerability CVE-2017-0228:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42811 through 42812.
Microsoft Vulnerability CVE-2017-0234:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42775 through 42776.
Microsoft Vulnerability CVE-2017-0236:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42749 through 42750.
Microsoft Vulnerability CVE-2017-0238:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42761 through 42762.
Microsoft Vulnerability CVE-2017-0240:
Microsoft Edge suffers from programming errors that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42781 through 42782.
Microsoft Vulnerability CVE-2017-0243:
A coding deficiency exists in Microsoft Office that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42755 through 42756.
Microsoft Vulnerability CVE-2017-0245:
A coding deficiency exists in Microsoft Win32k that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42769 through 42770.
Microsoft Vulnerability CVE-2017-0246:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42771 through 42772.
Microsoft Vulnerability CVE-2017-0258:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42783 through 42784.
Microsoft Vulnerability CVE-2017-0259:
A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42763 through 42764.
Microsoft Vulnerability CVE-2017-0263:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42765 through 42766.
Microsoft Vulnerability CVE-2017-0266:
Microsoft Edge suffers from programming errors that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 42753 through 42754.
Talos also has added and modified multiple rules in the browser-ie, exploit-kit, file-flash, file-image, file-office, file-pdf, indicator-scan, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
SEU packages are cumulative. The installation of prior SEU packages is not required before installing the current package. However, because SEUs are cumulative, issues identified in previous SEUs can require your attention when you import the current SEU. To review a cumulative list of recent feature updates and resolved issues since the last SEU you imported, view the Cumulative SEU Release Notes here.
SEU installation instructions can be found in the Cumulative SEU Release Notes on the Sourcefire Customer Support Site and in your Sourcefire 3D System user guide.
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:
The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.