Overview
On December 19th, 2019, Microsoft released an out-of-band (OOB) patch for a vulnerability in the scripting engine of Internet Explorer. This vulnerability is believed to be actively exploited in the wild and should be patched immediately.

This remote code execution bug lies in the way that Internet Explorer's scripting engine handles objects in memory. Triggering the vulnerability can corrupt memory in such a way as to allow arbitrary code execution with the current user's rights. It can be triggered in a variety of ways, including via a specially crafted web page that compromises a user who visits it. The full details of the vulnerability can be found here.
Coverage
In response to these vulnerability disclosures, Talos is releasing the following SNORT® rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

Snort rules: 48693-48698
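After updating, it is worth confirming that the rules listed above are actually enabled on the sensor. The following is an added example, not Talos or Snort project code: it scans rule-file text for SIDs 48693-48698 and reports each as enabled, disabled (commented out) or missing. It assumes one rule per line with disabled rules prefixed by `#`; the sample rule lines are constructed placeholders, not real rule content.

```python
import re
import sys

# SID range taken from the advisory: Snort rules 48693-48698.
ADVISORY_SIDS = range(48693, 48699)

# A rule line begins with an action keyword; a disabled rule is the same
# line commented out with '#'. Assumption: one rule per line.
RULE_RE = re.compile(
    r"^\s*(?P<off>#\s*)?(?:alert|drop|block|reject|sdrop|log|pass)\b"
    r".*?\bsid\s*:\s*(?P<sid>\d+)\s*;"
)

# Constructed sample input (placeholder messages, not real Talos rules).
SAMPLE_RULES = """\
# Constructed sample rule file
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PLACEHOLDER A"; sid:48693; rev:1;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PLACEHOLDER B"; sid:48694; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PLACEHOLDER C"; sid:48695; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER unrelated"; sid:1000001; rev:1;)
"""

def sid_status(rules_text, wanted=ADVISORY_SIDS):
    """Map each wanted SID to 'enabled', 'disabled' or 'missing'."""
    status = {sid: "missing" for sid in wanted}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, plain comment, or not a rule
        sid = int(m.group("sid"))
        if sid not in status:
            continue  # rule outside the advisory's range
        # An enabled copy wins over a commented-out duplicate.
        if status[sid] != "enabled":
            status[sid] = "disabled" if m.group("off") else "enabled"
    return status

def not_enabled(rules_text, wanted=ADVISORY_SIDS):
    """Return the sorted SIDs that would not fire (disabled or missing)."""
    return sorted(s for s, st in sid_status(rules_text, wanted).items()
                  if st != "enabled")

if __name__ == "__main__":
    # Pass rule files as arguments; with none, the constructed sample is used.
    text = "\n".join(open(p, encoding="utf-8", errors="replace").read()
                     for p in sys.argv[1:]) or SAMPLE_RULES
    for sid, state in sid_status(text).items():
        print(f"sid {sid}: {state}")
    sys.exit(1 if not_enabled(text) else 0)
```

The script exits non-zero when any of the six SIDs is disabled or missing, so it can be used as a check after a ruleset update.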