Snort Subscriber Rules Update 2023-04-11

[Research <research () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-21554:
A coding deficiency exists in Microsoft Message Queuing that may lead
to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort 2:  GID 1, SID 61619,
Snort 3:  GID 1, SID 61619.

Microsoft Vulnerability CVE-2023-24912:
A coding deficiency exists in Microsoft Windows Graphics Component that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 61617 through 61618,
Snort 3: GID 1, SID 300500.

Microsoft Vulnerability CVE-2023-28218:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort 2: GID 1, SIDs 61615 through 61616,
Snort 3: GID 1, SID 300499.

Microsoft Vulnerability CVE-2023-28219:
A coding deficiency exists in Layer 2 Tunneling Protocol that may lead
to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort 2: GID 1, SID 61614,
Snort 3: GID 1, SID 61614.

Microsoft Vulnerability CVE-2023-28220:
A coding deficiency exists in Layer 2 Tunneling Protocol that may lead
to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort 2: GID 1, SID 61613,
Snort 3: GID 1, SID 61613.

Microsoft Vulnerability CVE-2023-28231:
A coding deficiency exists in Microsoft DHCP Server Service that may
lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with:
Snort 2: GID 1, SID 61620,
Snort 3: GID 1, SID 61620.

Microsoft Vulnerability CVE-2023-28274:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 61606 through 61607,
Snort 3: GID 1, SID 300496.

Talos also has added and modified multiple rules in the browser-chrome,
malware-cnc and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJkNbGMAAoJEMzg39Iewam/WvQP/i0IaMNtItNkQRZNXOxhQeKO
8j2N0/8L3LFsOYAUluLptDatSO5byw7LuQSKYUd7+A302QXS0ufa21A5DQrb/ULx
K2+6dafbuSKv/pksr+XNjG/WoeFAgDxucXwGUY+0hRFUd0lnDB2BxY/sbbyNYXOx
Jwh3KQQ8sXcczS91OlLgdSBpWF7cFwal93O5/iWhwWqkfjM5SHBT1WGvVs336zDZ
2S/hWvuR1p5e8ZXdtCkmdtjpWei+l1efEBWVOmhMCRattScR0m2Q1BwbULWLUImj
HCDEA/Z9HFsaKQaFn3UumvE66t7mrr4G/zMLwE6zpr5tawMMjr9fhzJ6Y53yh9EU
OlgbEZrpbSZnlVf5NjZh0abw1yzTBiqzqPKCBvx0oez5w0WLAk7ofOO4MDHRu0S8
ljx2NypiB85ouJtOEJi7upCeCGysJQ6FSwz3usV1ZRw2zmpfTUgzM3a+zSWRjmN9
lY11pN5U8Emy/Dwpd5yC5TuO7vgz8DMs2riHGMKdYdpUCXTsE5QP0h9RaLHpXCKV
9guZltnhkjRuOT7K6iGZlTjGWy41sF33VeBLoKU32yffuKQxxIBP+vWEcPn8CsMr
1slcnWzyBxdMsQ32eGx7nDZ6dwGb8E+O3faa+kdLOjSWkRFqUMgemNA+p0tqEm63
Cq97MmuV3bYQ6f20TS6C
=nvan
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!