Snort mailing list archives
Snort Subscriber Rules Update 2022-01-11
From: Research <research () sourcefire com>
Date: Tue, 11 Jan 2022 20:39:08 GMT
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2022-21881:
A coding deficiency exists in Microsoft Windows Kernel that may lead to elevation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 58866 through 58867.

Microsoft Vulnerability CVE-2022-21882:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 58859 through 58860.

Microsoft Vulnerability CVE-2022-21887:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 58874 through 58875.

Microsoft Vulnerability CVE-2022-21897:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 40689 through 40690.

Microsoft Vulnerability CVE-2022-21907:
A coding deficiency exists in HTTP Stack that may lead to remote code execution.
Preprocessors to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 119, SIDs 19 and 31.

Microsoft Vulnerability CVE-2022-21908:
A coding deficiency exists in Microsoft Windows Installer that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 58870 through 58871.

Microsoft Vulnerability CVE-2022-21916:
A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 58872 through 58873.

Microsoft Vulnerability CVE-2022-21919:
A coding deficiency exists in Microsoft Windows User Profile Service that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 58868 through 58869.

Talos also has added and modified multiple rules in the file-other, indicator-obfuscation, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories