Snort Subscriber Rules Update 2024-04-09

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-26158:
A coding deficiency exists in Microsoft Install Service that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63254 through 63255,
Snort 3: GID 1, SID 300873.

Microsoft Vulnerability CVE-2024-26209:
A coding deficiency exists in Microsoft Local Security Authority
Subsystem Service that may lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63263 through 63264,
Snort 3: GID 1, SID 300877.

Microsoft Vulnerability CVE-2024-26211:
A coding deficiency exists in Microsoft Windows Remote Access
Connection Manager that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63256 through 63257,
Snort 3: GID 1, SID 300874.

Microsoft Vulnerability CVE-2024-26212:
A coding deficiency exists in Microsoft DHCP Server Service that may
lead to denial of service.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 63265,

Microsoft Vulnerability CVE-2024-26218:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63266 through 63267,
Snort 3: GID 1, SID 300878.

Microsoft Vulnerability CVE-2024-26230:
A coding deficiency exists in Microsoft Windows Telephony Server that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63268 through 63269,
Snort 3: GID 1, SID 300879.

Microsoft Vulnerability CVE-2024-26234:
A coding deficiency exists in Microsoft Proxy Driver that may lead to
spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63270 through 63271,
Snort 3: GID 1, SID 300880.

Microsoft Vulnerability CVE-2024-26256:
A coding deficiency exists in Microsoft libarchive that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63274 through 63275,
Snort 3: GID 1, SID 300881.

Talos also has added and modified multiple rules in the malware-other,
os-windows, policy-other, pua-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJmFXrmAAoJEMzg39Iewam/fiEP/0tGb43SI0oTEEcFAaOKtblw
jfyqMLTz05MBhY/KZgR/e5E+maim0td/+wRBvx7mKdYXc1m36gGH2NcKlly+sIlf
Pt90Koec80NKszBI47k7k4lPbiEG7eRsTGxcS+BF0H6sum3NTMxldVlKnEmAfgn4
J4KzO8LwpMicVPHP9qezCmqtzVuyGvlMo3wAvD6JBZnfp2FxQxOE0TljlxmafPzw
Sa59XX9GseYn9bFmPqREKziJAr4sS06hODnzSUp9JNRe/TqL0dgOFe1P918W7Tn/
8GDfsJDuzfQwVdnafMrzgPagjF6NI5Pah/SeA3euK+dGizYbTr9FNyZEw/w+0S7W
6D65illNqW/nW1fOmSK1v7KGHe1qkDa7ADeKJRTvkyxsTe2NZMZJDAvlbJWzT66Z
J/gqid+3+zGkG2oRc8NEZDfxCV/m0+hRHvu+t35zjbczJIuDIB4oW3+AbMRwYoH/
MvJWQbsBgk6cS9SL7qLw95KMdWnxPgSN75oDc/L9i23PLIWnsXJA8U5zkoEZrIB/
AhMqAhQgELwVzxz/LtMse6rdBBOPheTsfPhvnFWxo0Z3Y1Dq2KFOyZxvl5FHCKAh
PoQ9kE5WF6XaZkkoiuHOO5mtkbkGzglJvINulJm/h1XHlzUraQ96kodBAOM39ibu
HfWiARXkp8jFEDbkyx7m
=dgRQ
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!