Snort mailing list archives

Snort Subscriber Rules Update 2023-12-12


From: Research <research () sourcefire com>
Date: Tue, 12 Dec 2023 18:52:46 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-35631:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62762 through 62763,
Snort 3: GID 1, SID 300777.

Microsoft Vulnerability CVE-2023-35632:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62786 through 62787,
Snort 3: GID 1, SID 300784.

Microsoft Vulnerability CVE-2023-35633:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62770 through 62771,
Snort 3: GID 1, SID 300781.

Microsoft Vulnerability CVE-2023-35644:
A coding deficiency exists in Microsoft Windows Sysmain Service
Elevation of Privilege that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62754 through 62755,
Snort 3: GID 1, SID 300774.

Microsoft Vulnerability CVE-2023-36005:
A coding deficiency exists in Microsoft Windows Telephony Server that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62764 through 62765,
Snort 3: GID 1, SID 300778.

Microsoft Vulnerability CVE-2023-36391:
A coding deficiency exists in Microsoft Local Security Authority
Subsystem Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62766 through 62767,
Snort 3: GID 1, SID 300779.

Microsoft Vulnerability CVE-2023-36696:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62768 through 62769,
Snort 3: GID 1, SID 300780.

Talos also has added and modified multiple rules in the browser-chrome,
file-executable, malware-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
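
To confirm that the SIDs named in this update are actually loaded and enabled on a sensor, the advisory text can be parsed and compared against a rules file. The following is an added example, not part of the Talos message or Snort tooling: the advisory excerpt is abridged from the text above, the rule lines are constructed placeholders, and the function names are hypothetical.

```python
import re

# Two entries abridged from the advisory text above.
ADVISORY = """\
Microsoft Vulnerability CVE-2023-35631:
Snort 2: GID 1, SIDs 62762 through 62763,
Snort 3: GID 1, SID 300777.
Microsoft Vulnerability CVE-2023-35632:
Snort 2: GID 1, SIDs 62786 through 62787,
Snort 3: GID 1, SID 300784.
"""

# Constructed Snort 2 rule lines (placeholder bodies, not real Talos rules).
# Assumption: a disabled rule is a rule line commented out with a leading "#".
RULES = """\
alert tcp any any -> any any (msg:"placeholder A"; sid:62762; rev:1;)
# alert tcp any any -> any any (msg:"placeholder B"; sid:62763; rev:1;)
alert tcp any any -> any any (msg:"placeholder C"; sid:62786; rev:1;)
"""

def parse_advisory(text, engine="Snort 2"):
    """Map each CVE to the list of GID 1 SIDs the advisory gives for `engine`."""
    coverage, cve = {}, None
    for line in text.splitlines():
        m = re.search(r"CVE-\d{4}-\d+", line)
        if m:
            cve = m.group(0)
            continue
        m = re.match(rf"\s*{engine}: GID 1, SIDs? (\d+)(?: through (\d+))?", line)
        if m and cve:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            coverage[cve] = list(range(first, last + 1))
    return coverage

def rule_states(rules_text):
    """Return {sid: 'enabled' | 'disabled'} for every line that carries a sid."""
    states = {}
    for line in rules_text.splitlines():
        m = re.search(r"\bsid\s*:\s*(\d+)\s*;", line)
        if not m:
            continue
        disabled = line.lstrip().startswith("#")
        states[int(m.group(1))] = "disabled" if disabled else "enabled"
    return states

def coverage_report(advisory_text, rules_text, engine="Snort 2"):
    """Per CVE, mark each advisory SID as enabled, disabled or missing."""
    states = rule_states(rules_text)
    return {cve: {sid: states.get(sid, "missing") for sid in sids}
            for cve, sids in parse_advisory(advisory_text, engine).items()}
```

Any SID reported as `disabled` or `missing` means the sensor has no active coverage for that CVE from this release, either because the rule is commented out or because the ruleset predates the update.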