Snort mailing list archives

Snort Subscriber Rules Update 2022-10-11


From: Research <research () sourcefire com>
Date: Tue, 11 Oct 2022 17:45:53 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-37970:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60698 through 60699,
Snort 3: GID 1, SID 300292.

Microsoft Vulnerability CVE-2022-37974:
A coding deficiency exists in Microsoft Windows Mixed Reality Developer
Tools that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60700 through 60701,
Snort 3: GID 1, SID 300293.

Microsoft Vulnerability CVE-2022-37987:
A coding deficiency exists in Microsoft Windows Active Directory
Certificate Services that may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60706 through 60707,
Snort 3: GID 1, SID 300297.

Microsoft Vulnerability CVE-2022-37989:
A coding deficiency exists in Microsoft Windows Client Server Run-time
Subsystem (CSRSS) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60704 through 60705,
Snort 3: GID 1, SID 300296.

Microsoft Vulnerability CVE-2022-38050:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60693 through 60696,
Snort 3: GID 1, SIDs 300290 through 300291.

Microsoft Vulnerability CVE-2022-38051:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60708 through 60709,
Snort 3: GID 1, SID 300298.

Talos also has added and modified multiple rules in the browser-ie,
file-identify and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
