Cisco Talos Update for FireSIGHT Management Center

Date: 2019-08-13

This SRU number: 2019-08-12-001
Previous SRU number: 2019-08-07-001
Corresponding SEU number: 2053

Applies to:

• 3D Sensor versions: 5.x / 6.x
• Cisco FireSIGHT Management Center versions: 5.x / 6.x

SRU Change Summary:

Note: Rule updates are cumulative, so you do not need to install prior updates before installing this one. Also, because SEUs are cumulative, issues identified in previous SEUs can require your attention when you import the current SEU.

To review a cumulative list of recent feature updates and resolved issues since the last SEU you imported, use the link provided from this advisory on the Sourcefire Customer Support Site.

Synopsis:

Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2019-1078:
A coding deficiency exists in Microsoft Graphics Component that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50969 through 50974.

Microsoft Vulnerability CVE-2019-1139:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1140:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50938 through 50939.

Microsoft Vulnerability CVE-2019-1141:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1159:
A coding deficiency exists in Microsoft Windows Kernel that may lead to escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50963 through 50964.

Microsoft Vulnerability CVE-2019-1164:
A coding deficiency exists in Microsoft Windows Kernel that may lead to escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50942 through 50943.

Microsoft Vulnerability CVE-2019-1170:
A coding deficiency exists in Windows NTFS that may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50936 through 50937.

Microsoft Vulnerability CVE-2019-1173:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51001 through 51014.

Microsoft Vulnerability CVE-2019-1174:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50987 through 50988.

Microsoft Vulnerability CVE-2019-1175:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51015 through 51016.

Microsoft Vulnerability CVE-2019-1184:
A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50966 through 50967.

Microsoft Vulnerability CVE-2019-1195:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2019-1196:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50940 through 50941.

Microsoft Vulnerability CVE-2019-1197:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 48051 through 48052.

Microsoft Vulnerability CVE-2019-1199:
A coding deficiency exists in Microsoft Outlook that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 50998 through 50999.

Microsoft Vulnerability CVE-2019-1201:
A coding deficiency exists in Microsoft Word that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 35190 through 35191.

Talos also has added and modified multiple rules in the browser-ie, file-image, file-multimedia, file-office, file-other, indicator-compromise, malware-cnc, os-windows, policy-other, protocol-dns, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Rule Update Summary:

For a complete list of new and modified rules use this link.

Importing an update:

You can view instructions for importing rule updates and SEUs on the Sourcefire Customer Support Site and in the user documentation for the Sourcefire 3D System.

Detailed instructions can be found on the Sourcefire Customer Support Site in the downloads section for each product.

For Assistance:

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

• Note: To open a TAC request, you must first register for a Cisco.com user ID
• Once you have a Cisco.com user ID, you may initiate or check on the status of a service request online or contacting the TAC by phone:
• U.S. - 1-800-553-2447 Toll Free
• International support numbers
• For additional information on obtaining technical support through the TAC, please consult the Technical Support Reference Guide (PDF - 1 MB)

About Talos:

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.