Snort mailing list archives

Snort Subscriber Rules Update 2024-05-14


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 14 May 2024 17:40:09 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-29996:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63427 through 63428,
Snort 3: GID 1, SID 300909.

Microsoft Vulnerability CVE-2024-30025:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63419 through 63420,
Snort 3: GID 1, SID 300906.

Microsoft Vulnerability CVE-2024-30032:
A coding deficiency exists in Microsoft Windows DWM Core Library that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63425 through 63426,
Snort 3: GID 1, SID 300908.

Microsoft Vulnerability CVE-2024-30034:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63422 through 63423,
Snort 3: GID 1, SID 300907.

Microsoft Vulnerability CVE-2024-30035:
A coding deficiency exists in Microsoft Windows DWM Core Library that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63429 through 63430,
Snort 3: GID 1, SID 300910.

Microsoft Vulnerability CVE-2024-30037:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63431 through 63432,
Snort 3: GID 1, SID 300911.

Microsoft Vulnerability CVE-2024-30044:
A coding deficiency exists in Microsoft SharePoint Server that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 63424,
Snort 3: GID 1, SID 63424.

Microsoft Vulnerability CVE-2024-30050:
A coding deficiency exists in Microsoft Windows Mark of the Web that
may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63434 through 63435,
Snort 3: GID 1, SID 300912.

Talos also has added and modified multiple rules in the
file-executable, os-windows, policy-other, protocol-voip and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories