Snort mailing list archives

Snort Subscriber Rules Update 2023-01-10


From: Research <research () sourcefire com>
Date: Tue, 10 Jan 2023 18:59:17 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-21552:
A coding deficiency exists in Microsoft Windows GDI that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 61060 through 61061,
Snort 2: GID 1, SID 300358.

Microsoft Vulnerability CVE-2023-21674:
A coding deficiency exists in Microsoft Windows Advanced Local
Procedure Call (ALPC) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 61062 through 61063,
Snort 3: GID 1, SID 300359.

Microsoft Vulnerability CVE-2023-21768:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 61064 through 61065,
Snort 3: GID 1, SID 300360.

Talos also has added and modified multiple rules in the malware-cnc,
malware-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
