Snort mailing list archives

Snort Subscriber Rules Update 2022-11-08


From: Research <research () sourcefire com>
Date: Tue, 8 Nov 2022 19:50:22 GMT


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-41057:
A coding deficiency exists in Microsoft Windows HTTP.sys that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60822 through 60823,
Snort 3: GID 1, SID 300312.

Microsoft Vulnerability CVE-2022-41096:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60820 through 60821,
Snort 3: GID 1, SID 300311.

Microsoft Vulnerability CVE-2022-41109:
A coding deficiency exists in Microsoft Windows Win32k that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60815 through 60816,
Snort 3: GID 1, SID 300309.

Microsoft Vulnerability CVE-2022-41113:
A coding deficiency exists in Microsoft Windows Win32k Kernel Subsystem
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60818 through 60819,
Snort 3: GID 1, SID 300310.

Microsoft Vulnerability CVE-2022-41118:
A coding deficiency exists in Microsoft Windows Scripting Languages
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60833 through 60834,
Snort 3: GID 1, SID 300316.

Microsoft Vulnerability CVE-2022-41125:
A coding deficiency exists in Microsoft Windows CNG Key Isolation
Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 60831 through 60832,
Snort 3: GID 1, SID 300315.

Talos also has added and modified multiple rules in the browser-ie,
file-other, malware-cnc and os-windows rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
