Snort mailing list archives

Snort Subscriber Rules Update 2021-09-14


From: Research <research () sourcefire com>
Date: Tue, 14 Sep 2021 17:30:13 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2021-36963:
A coding deficiency exists in Microsoft Windows Common Log File System
driver that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40689 through 40690.

Microsoft Vulnerability CVE-2021-36975:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58136 through 58137.

Microsoft Vulnerability CVE-2021-38633:
A coding deficiency exists in Microsoft Windows Common Log File System
driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58140 through 58141.

Microsoft Vulnerability CVE-2021-40444:
A coding deficiency exists in Microsoft MSHTML Engine that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 58120 through 58129 and 58132 through 58135.

Talos also has added and modified multiple rules in the file-image,
file-other, malware-other, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
