Snort mailing list archives

Snort Subscriber Rules Update 2022-05-10


From: Research <research () sourcefire com>
Date: Tue, 10 May 2022 19:19:42 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-23270:
A coding deficiency exists in Point-to-Point Tunneling Protocol that
may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 59726 for Snort2, and
GID 1, SID 300125 for Snort3.

Microsoft Vulnerability CVE-2022-23279:
A coding deficiency exists in Microsoft Windows ALPC that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59727 through 59728
for Snort2, and GID 1, SID 300126 for Snort3.

Microsoft Vulnerability CVE-2022-26925:
A coding deficiency exists in Microsoft Windows LSA that may lead to
spoofing.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 59737 for Snort2, and
GID 1, SID 300133 for Snort3.

Microsoft Vulnerability CVE-2022-26937:
A coding deficiency exists in Microsoft Windows Network File System
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59738 through 59741
for Snort2, and GID 1, SIDs 300134 through 300137 for Snort3.

Microsoft Vulnerability CVE-2022-29104:
A coding deficiency exists in Microsoft Windows Print Spooler that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59730 through 59731
for Snort2, and GID 1, SID 300128 for Snort3.

Microsoft Vulnerability CVE-2022-29142:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59733 through 59734
for Snort2, and GID 1, SIDs 300129 through 300130 for Snort3.

Talos has also added and modified multiple rules in the file-image,
file-java, malware-cnc, os-windows, policy-other, protocol-dns,
protocol-rpc, protocol-voip and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
