Snort mailing list archives

Snort Subscriber Rules Update 2024-01-09


From: Research <research () sourcefire com>
Date: Tue, 9 Jan 2024 18:38:35 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-20653:
A coding deficiency exists in Microsoft Common Log File System that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62854 through 62859,
Snort 3: GID 1, SIDs 300799 through 300801.

Microsoft Vulnerability CVE-2024-20683:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62847 through 62848,
Snort 3: GID 1, SID 300797.

Microsoft Vulnerability CVE-2024-20698:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62849 through 62850,
Snort 3: GID 1, SID 300798.

Microsoft Vulnerability CVE-2024-21310:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62860 through 62861,
Snort 3: GID 1, SID 300802.

Talos has also added and modified multiple rules in the browser-chrome,
file-pdf and server-webapp rule sets to provide coverage for emerging
threats from these technologies.


For a complete list of new and modified rules, please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
