Snort Subscriber Rules Update 2024-06-11

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-30080:
A coding deficiency exists in Microsoft Message Queuing (MSMQ) that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 63587,
Snort 3: GID 1, SID 63587.

Microsoft Vulnerability CVE-2024-30084:
A coding deficiency exists in Microsoft Windows Kernel-Mode Driver that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63590 through 63591,
Snort 3: GID 1, SID 300941.

Microsoft Vulnerability CVE-2024-30087:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63596 through 63597,
Snort 3: GID 1, SID 300942.

Microsoft Vulnerability CVE-2024-30088:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63583 through 63584,
Snort 3: GID 1, SID 300938.

Microsoft Vulnerability CVE-2024-30089:
A coding deficiency exists in Microsoft Streaming Service that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63585 through 63586,
Snort 3: GID 1, SID 300939.

Microsoft Vulnerability CVE-2024-30091:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63581 through 63582,
Snort 3: GID 1, SID 300937.

Microsoft Vulnerability CVE-2024-35250:
A coding deficiency exists in Microsoft Windows Kernel-Mode Driver that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63588 through 63589,
Snort 3: GID 1, SID 300940.

Talos also has added and modified multiple rules in the app-detect,
browser-ie, browser-plugins, malware-other, os-other and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJmaInUAAoJEMzg39Iewam/8DkP/i705XJ2+6uteW51K0fPgIwL
kvQqWpEX89cKtNKdplB9QGUQpH5Dawyfh0YeLaFl/DucvWK2wFA3+5DlbGqY8jQe
NNslz1ha9yFrC40sUxOBxpSEkf3bf9i0TOsfyirEvzBf6/jcwEysG2ffnZMewr2G
Br6chkjKHWUSBTRAgb7TezsdRHb9nr3ApBZuanSicgQ7M9FAeqs3uK/tPcWP/YBj
y3KMcdY+7fGbcLhPxbqbxjkGtcukWtM/DvcywttD8pocDdGfVOaZyXdRKfxAC9a6
WIkSg6ZtvoOgFaOxuwCNgibjbxGVsjwxYOmIipyX3DGXQjui+mREy9p1D6K70DfB
Vd0URwPle9PC2eXhgLms23jJ5/ddcqZrL6ZRSt3Ya9ePRxX0zHInDYpAYT3khFjA
OzGOQ4zvc5JD/YMHhQLNsANpgirI19MF2d+nQcEttsaOXCMZtGDV6luCnEQkLxZB
XT5mnKeiV2E58ToVjeWP9Tph0x7OHbS803tMWuExg0gEfjvkYXwE2rh/k38m8Fnq
hZKxD+RnAIxdUzlT9PFZlYzXVW/mKYfM6LXMj3Clm5HKj//X8FxH15dnIDGC6W4M
v2GqPyo37wvkb7veW4RAp4Cw/WurQ0hhTX7Qxax//o2kq24vSuUQKvGEd0yuWDG8
QqupwEJZYbSGA4HTPzp1
=N9i8
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!