Snort mailing list archives
Snort Subscriber Rules Update 2022-05-10
From: Research <research () sourcefire com>
Date: Tue, 10 May 2022 19:19:42 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2022-23270:
A coding deficiency exists in Point-to-Point Tunneling Protocol that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 59726 for Snort2, and GID 1, SID 300125 for Snort3.

Microsoft Vulnerability CVE-2022-23279:
A coding deficiency exists in Microsoft Windows ALPC that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59727 through 59728 for Snort2, and GID 1, SID 300126 for Snort3.

Microsoft Vulnerability CVE-2022-26925:
A coding deficiency exists in Microsoft Windows LSA that may lead to spoofing.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 59737 for Snort2, and GID 1, SID 300133 for Snort3.

Microsoft Vulnerability CVE-2022-26937:
A coding deficiency exists in Microsoft Windows Network File System that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59738 through 59741 for Snort2, and GID 1, SIDs 300134 through 300137 for Snort3.

Microsoft Vulnerability CVE-2022-29104:
A coding deficiency exists in Microsoft Windows Print Spooler that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59730 through 59731 for Snort2 and GID 1, SID 300128 for Snort3.

Microsoft Vulnerability CVE-2022-29142:
A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 59733 through 59734 for Snort2, and GID 1, SIDs 300129 through 300130 for Snort3.

Talos also has added and modified multiple rules in the file-image, file-java, malware-cnc, os-windows, policy-other, protocol-dns, protocol-rpc, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories