Snort mailing list archives
Snort Subscriber Rules Update 2023-04-11
From: Research <research () sourcefire com>
Date: Tue, 11 Apr 2023 19:14:22 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Vulnerability CVE-2023-21554: A coding deficiency exists in Microsoft Message Queuing that may lead to remote code execution. A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort 2: GID 1, SID 61619, Snort 3: GID 1, SID 61619. Microsoft Vulnerability CVE-2023-24912: A coding deficiency exists in Microsoft Windows Graphics Component that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 61617 through 61618, Snort 3: GID 1, SID 300500. Microsoft Vulnerability CVE-2023-28218: A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege. A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort 2: GID 1, SIDs 61615 through 61616, Snort 3: GID 1, SID 300499. Microsoft Vulnerability CVE-2023-28219: A coding deficiency exists in Layer 2 Tunneling Protocol that may lead to remote code execution. A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort 2: GID 1, SID 61614, Snort 3: GID 1, SID 61614. Microsoft Vulnerability CVE-2023-28220: A coding deficiency exists in Layer 2 Tunneling Protocol that may lead to remote code execution. A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort 2: GID 1, SID 61613, Snort 3: GID 1, SID 61613. Microsoft Vulnerability CVE-2023-28231: A coding deficiency exists in Microsoft DHCP Server Service that may lead to remote code execution. A rule to detect attacks targeting this vulnerability is included in this release and is identified with: Snort 2: GID 1, SID 61620, Snort 3: GID 1, SID 61620. Microsoft Vulnerability CVE-2023-28274: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 61606 through 61607, Snort 3: GID 1, SID 300496. Talos also has added and modified multiple rules in the browser-chrome, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJkNbGMAAoJEMzg39Iewam/WvQP/i0IaMNtItNkQRZNXOxhQeKO 8j2N0/8L3LFsOYAUluLptDatSO5byw7LuQSKYUd7+A302QXS0ufa21A5DQrb/ULx K2+6dafbuSKv/pksr+XNjG/WoeFAgDxucXwGUY+0hRFUd0lnDB2BxY/sbbyNYXOx Jwh3KQQ8sXcczS91OlLgdSBpWF7cFwal93O5/iWhwWqkfjM5SHBT1WGvVs336zDZ 2S/hWvuR1p5e8ZXdtCkmdtjpWei+l1efEBWVOmhMCRattScR0m2Q1BwbULWLUImj HCDEA/Z9HFsaKQaFn3UumvE66t7mrr4G/zMLwE6zpr5tawMMjr9fhzJ6Y53yh9EU OlgbEZrpbSZnlVf5NjZh0abw1yzTBiqzqPKCBvx0oez5w0WLAk7ofOO4MDHRu0S8 ljx2NypiB85ouJtOEJi7upCeCGysJQ6FSwz3usV1ZRw2zmpfTUgzM3a+zSWRjmN9 lY11pN5U8Emy/Dwpd5yC5TuO7vgz8DMs2riHGMKdYdpUCXTsE5QP0h9RaLHpXCKV 9guZltnhkjRuOT7K6iGZlTjGWy41sF33VeBLoKU32yffuKQxxIBP+vWEcPn8CsMr 1slcnWzyBxdMsQ32eGx7nDZ6dwGb8E+O3faa+kdLOjSWkRFqUMgemNA+p0tqEm63 Cq97MmuV3bYQ6f20TS6C =nvan -----END PGP SIGNATURE----- _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2023-04-11 Research (Apr 11)