Snort mailing list archives
Snort Subscriber Rules Update 2024-05-14
From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 14 May 2024 17:40:09 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2024-29996:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63427 through 63428, Snort 3: GID 1, SID 300909.

Microsoft Vulnerability CVE-2024-30025:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63419 through 63420, Snort 3: GID 1, SID 300906.

Microsoft Vulnerability CVE-2024-30032:
A coding deficiency exists in Microsoft Windows DWM Core Library that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63425 through 63426, Snort 3: GID 1, SID 300908.

Microsoft Vulnerability CVE-2024-30034:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter Driver that may lead to an information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63422 through 63423, Snort 3: GID 1, SID 300907.

Microsoft Vulnerability CVE-2024-30035:
A coding deficiency exists in Microsoft Windows DWM Core Library that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63429 through 63430, Snort 3: GID 1, SID 300910.

Microsoft Vulnerability CVE-2024-30037:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63431 through 63432, Snort 3: GID 1, SID 300911.

Microsoft Vulnerability CVE-2024-30044:
A coding deficiency exists in Microsoft SharePoint Server that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 63424, Snort 3: GID 1, SID 63424.

Microsoft Vulnerability CVE-2024-30050:
A coding deficiency exists in Microsoft Windows Mark of the Web that may lead to security feature bypass.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63434 through 63435, Snort 3: GID 1, SID 300912.

Talos also has added and modified multiple rules in the file-executable, os-windows, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories