Snort mailing list archives

Snort Subscriber Rules Update 2023-11-14


From: Research <research () sourcefire com>
Date: Tue, 14 Nov 2023 19:20:35 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-36033:
A coding deficiency exists in Microsoft Windows DWM Core Library that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62632 through 62633,
Snort 3: GID 1, SID 300753.

Microsoft Vulnerability CVE-2023-36036:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62630 through 62631,
Snort 3: GID 1, SID 300752.

Microsoft Vulnerability CVE-2023-36394:
A coding deficiency exists in Microsoft Windows Search Service that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62641 through 62642,
Snort 3: GID 1, SID 300757.

Microsoft Vulnerability CVE-2023-36399:
A coding deficiency exists in Microsoft Windows Storage that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62627 through 62628,
Snort 3: GID 1, SID 300751.

Microsoft Vulnerability CVE-2023-36413:
A coding deficiency exists in Microsoft Office that may lead to
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62643 through 62644,
Snort 3: GID 1, SID 300758.

Talos also has added and modified multiple rules in the file-office,
malware-cnc, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
