Talos Rules 2018-12-12
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2018-8583: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48515 through 48516.

Microsoft Vulnerability CVE-2018-8617: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2018-8618: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48509 through 48510.

Microsoft Vulnerability CVE-2018-8619: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48531 through 48532.

Microsoft Vulnerability CVE-2018-8624: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48517 through 48518.

Microsoft Vulnerability CVE-2018-8629: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48513 through 48514.

Microsoft Vulnerability CVE-2018-8631: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48533 through 48534.

Microsoft Vulnerability CVE-2018-8634: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48519 through 48520.

Cisco Talos would like to thank Symantec and the Cyber Threat Alliance for working with us to protect our users from Seedworm, rules are identified with GID 1, SIDs 48559 through 48562.

Talos also has added and modified multiple rules in the and rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-12-12 17:56:25 UTC

Snort Subscriber Rules Update

Date: 2018-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


Modified Rules:



2018-12-12 17:56:25 UTC

Snort Subscriber Rules Update

Date: 2018-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


Modified Rules:



2018-12-12 17:56:25 UTC

Snort Subscriber Rules Update

Date: 2018-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


Modified Rules:



2018-12-12 17:56:25 UTC

Snort Subscriber Rules Update

Date: 2018-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


Modified Rules:



2018-12-12 17:56:25 UTC

Snort Subscriber Rules Update

Date: 2018-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


Modified Rules:



2018-12-12 17:56:25 UTC

Snort Subscriber Rules Update

Date: 2018-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


Modified Rules: