Snort mailing list archives

Snort Subscriber Rules Update 2022-03-08


From: Research <research () sourcefire com>
Date: Tue, 8 Mar 2022 18:37:36 GMT

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-21990:
A coding deficiency exists in Remote Desktop Client that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 59107 through 59108.

Microsoft Vulnerability CVE-2022-23253:
A coding deficiency exists in Point-to-Point Tunneling Protocol that
may lead to denial of service.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 59212.

Microsoft Vulnerability CVE-2022-23285:
A coding deficiency exists in Remote Desktop Client that may lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 59215.

Microsoft Vulnerability CVE-2022-23286:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59213 through 59214.

Microsoft Vulnerability CVE-2022-23299:
A coding deficiency exists in Microsoft Windows PDEV that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59210 through 59211.

Microsoft Vulnerability CVE-2022-24502:
A coding deficiency exists in Microsoft Windows HTML Platforms that may
lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59216 through 59217.

Microsoft Vulnerability CVE-2022-24507:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 59220 through 59221.

Talos also has added and modified multiple rules in the browser-ie,
malware-cnc, malware-other, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
