Snort mailing list archives

Snort Subscriber Rules Update 2022-01-11


From: Research <research () sourcefire com>
Date: Tue, 11 Jan 2022 20:39:08 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-21881:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58866 through 58867.

Microsoft Vulnerability CVE-2022-21882:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58859 through 58860.

Microsoft Vulnerability CVE-2022-21887:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58874 through 58875.

Microsoft Vulnerability CVE-2022-21897:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40689 through 40690.

Microsoft Vulnerability CVE-2022-21907:
A coding deficiency exists in HTTP Stack that may lead to remote code
execution.

Preprocessors to detect attacks targeting these vulnerabilities are
included in this release and are identified with GID 119, SIDs 19 and
31.

Microsoft Vulnerability CVE-2022-21908:
A coding deficiency exists in Microsoft Windows Installer that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58870 through 58871.

Microsoft Vulnerability CVE-2022-21916:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58872 through 58873.

Microsoft Vulnerability CVE-2022-21919:
A coding deficiency exists in Microsoft Windows User Profile Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 58868 through 58869.

Talos has also added and modified multiple rules in the file-other,
indicator-obfuscation, malware-cnc, malware-other and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules, please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
