Snort mailing list archives
Snort Subscriber Rules Update 2024-04-09
From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 9 Apr 2024 17:29:11 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Vulnerability CVE-2024-26158: A coding deficiency exists in Microsoft Install Service that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63254 through 63255, Snort 3: GID 1, SID 300873. Microsoft Vulnerability CVE-2024-26209: A coding deficiency exists in Microsoft Local Security Authority Subsystem Service that may lead to an information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63263 through 63264, Snort 3: GID 1, SID 300877. Microsoft Vulnerability CVE-2024-26211: A coding deficiency exists in Microsoft Windows Remote Access Connection Manager that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63256 through 63257, Snort 3: GID 1, SID 300874. Microsoft Vulnerability CVE-2024-26212: A coding deficiency exists in Microsoft DHCP Server Service that may lead to denial of service. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 63265, Microsoft Vulnerability CVE-2024-26218: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63266 through 63267, Snort 3: GID 1, SID 300878. Microsoft Vulnerability CVE-2024-26230: A coding deficiency exists in Microsoft Windows Telephony Server that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63268 through 63269, Snort 3: GID 1, SID 300879. Microsoft Vulnerability CVE-2024-26234: A coding deficiency exists in Microsoft Proxy Driver that may lead to spoofing. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63270 through 63271, Snort 3: GID 1, SID 300880. Microsoft Vulnerability CVE-2024-26256: A coding deficiency exists in Microsoft libarchive that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 63274 through 63275, Snort 3: GID 1, SID 300881. Talos also has added and modified multiple rules in the malware-other, os-windows, policy-other, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJmFXrmAAoJEMzg39Iewam/fiEP/0tGb43SI0oTEEcFAaOKtblw jfyqMLTz05MBhY/KZgR/e5E+maim0td/+wRBvx7mKdYXc1m36gGH2NcKlly+sIlf Pt90Koec80NKszBI47k7k4lPbiEG7eRsTGxcS+BF0H6sum3NTMxldVlKnEmAfgn4 J4KzO8LwpMicVPHP9qezCmqtzVuyGvlMo3wAvD6JBZnfp2FxQxOE0TljlxmafPzw Sa59XX9GseYn9bFmPqREKziJAr4sS06hODnzSUp9JNRe/TqL0dgOFe1P918W7Tn/ 8GDfsJDuzfQwVdnafMrzgPagjF6NI5Pah/SeA3euK+dGizYbTr9FNyZEw/w+0S7W 6D65illNqW/nW1fOmSK1v7KGHe1qkDa7ADeKJRTvkyxsTe2NZMZJDAvlbJWzT66Z J/gqid+3+zGkG2oRc8NEZDfxCV/m0+hRHvu+t35zjbczJIuDIB4oW3+AbMRwYoH/ MvJWQbsBgk6cS9SL7qLw95KMdWnxPgSN75oDc/L9i23PLIWnsXJA8U5zkoEZrIB/ AhMqAhQgELwVzxz/LtMse6rdBBOPheTsfPhvnFWxo0Z3Y1Dq2KFOyZxvl5FHCKAh PoQ9kE5WF6XaZkkoiuHOO5mtkbkGzglJvINulJm/h1XHlzUraQ96kodBAOM39ibu HfWiARXkp8jFEDbkyx7m =dgRQ -----END PGP SIGNATURE----- _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2024-04-09 Research via Snort-sigs (Apr 09)