Snort mailing list archives

Snort Subscriber Rules Update 2023-02-14


From: Research <research () sourcefire com>
Date: Tue, 14 Feb 2023 20:00:55 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-21529:
A coding deficiency exists in Microsoft Exchange Server that may lead
to remote code execution.

A previously released rule will detect attacks targeting these
vulnerabilities and has been updated with the appropriate reference
information. It is included in this release and is identified with:
Snort2: GID 1, SID 57907,
Snort3: GID 1, SID 57907.

Microsoft Vulnerability CVE-2023-21688:
A coding deficiency exists in NT OS Kernel that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 61312 through 61313,
Snort3: GID 1, SID 300416.

Microsoft Vulnerability CVE-2023-21689:
A coding deficiency exists in Microsoft Protected Extensible
Authentication Protocol (PEAP) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort3: GID 1, SID 300438.

Microsoft Vulnerability CVE-2023-21690:
A coding deficiency exists in Microsoft Protected Extensible
Authentication Protocol (PEAP) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort3: GID 1, SIDs 300438 through 300439.

Microsoft Vulnerability CVE-2023-21706:
A coding deficiency exists in Microsoft Exchange Server that may lead
to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort2: GID 1, SID 61359,
Snort3: GID 1, SID 61359.

Microsoft Vulnerability CVE-2023-21819:
A coding deficiency exists in Microsoft Windows Secure Channel that may
lead to a Denial of Service (DoS).

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort2: GID 1, SID 61357,
Snort3: GID 1, SID 61357.

Microsoft Vulnerability CVE-2023-21823:
A coding deficiency exists in Microsoft Graphics Component that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 61314 through 61315,
Snort3: GID 1, SID 300417.

Microsoft Vulnerability CVE-2023-23376:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 61320 through 61321,
Snort3: GID 1, SID 300420.

Talos also has added and modified multiple rules in the file-other,
indicator-compromise, malware-tools, os-windows, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads

