Snort mailing list archives

Snort Subscriber Rules Update 2022-04-12


From: Research <research () sourcefire com>
Date: Tue, 12 Apr 2022 19:58:41 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-24474:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59497 through 59498.

Microsoft Vulnerability CVE-2022-24481:
A coding deficiency exists in Microsoft Windows Common Log File System
driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59521 through 59522.

Microsoft Vulnerability CVE-2022-24491:
A coding deficiency exists in Microsoft Windows Network File System
that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 59534 through 59535.

Microsoft Vulnerability CVE-2022-24497:
A coding deficiency exists in Microsoft Windows Network File System
that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 59533.

Microsoft Vulnerability CVE-2022-24521:
A coding deficiency exists in Microsoft Windows Common Log File System
driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59523 through 59524.

Microsoft Vulnerability CVE-2022-24542:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59525 through 59526.

Microsoft Vulnerability CVE-2022-24546:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59529 through 59530.

Microsoft Vulnerability CVE-2022-24547:
A coding deficiency exists in Microsoft Windows Digital Media Receiver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59531 through 59532.

Microsoft Vulnerability CVE-2022-26904:
A coding deficiency exists in Microsoft Windows User Profile Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59511 through 59512.

Microsoft Vulnerability CVE-2022-26914:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59519 through 59520.

Talos also has added and modified multiple rules in the file-image,
file-other, malware-cnc, os-windows, protocol-ftp, protocol-other,
protocol-scada, pua-other, server-apache and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
