Avatar

Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093.

MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10.

This advisory is rated critical. An attacker can craft a web page designed to exploit this vulnerability and lure a user into visiting it.  The compromise will result in remote code execution at the permission level of the affected user. The use of proper user access controls can limit the severity of the compromise.

As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users should patch immediately.

Coverage

In response to this bulletin disclosure, Talos has released the following rules to address this vulnerability. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Defense Center, FireSIGHT Management Center or Snort.org.

Snort SIDs: 35536-35537

Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.

CWS and WSA web scanning prevents access to malicious websites, including the downloading of the malware downloaded during these attacks.

The Network Security protection of IPS and NGFW have up-to-date rules to detect malicious network activity by threat actors.