Snort mailing list archives

Snort Subscriber Rules Update 2022-09-13


From: Research <research () sourcefire com>
Date: Tue, 13 Sep 2022 17:31:09 GMT



Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-34725:
A coding deficiency exists in Microsoft Windows ALPC that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 60553 through 60554,
Snort3: GID 1, SID 300268.

Microsoft Vulnerability CVE-2022-34729:
A coding deficiency exists in Microsoft Windows GDI that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 60549 through 60550,
Snort3: GID 1, SID 300266.

Microsoft Vulnerability CVE-2022-35803:
A coding deficiency exists in Microsoft Windows Common Log File System
driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 60555 through 60558,
Snort3: GID 1, SIDs 300269 through 300270.

Microsoft Vulnerability CVE-2022-37954:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 60551 through 60552,
Snort3: GID 1, SID 300267.

Microsoft Vulnerability CVE-2022-37957:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 60546 through 60547,
Snort3: GID 1, SID 300265.

Talos also has added and modified multiple rules in the  and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories