Snort mailing list archives

Snort Subscriber Rules Update 2024-08-13


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 13 Aug 2024 18:55:13 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-38106:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63866 through 63867,
Snort 3: GID 1, SID 300983.

Microsoft Vulnerability CVE-2024-38125:
A coding deficiency exists in Microsoft Kernel Streaming WOW Thunk
Service Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63872 through 63873,
Snort 3: GID 1, SID 300986.

Microsoft Vulnerability CVE-2024-38141:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63858 through 63859,
Snort 3: GID 1, SID 300980.

Microsoft Vulnerability CVE-2024-38144:
A coding deficiency exists in Microsoft Kernel Streaming WOW Thunk
Service Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63860 through 63861,
Snort 3: GID 1, SID 300981.

Microsoft Vulnerability CVE-2024-38147:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63868 through 63869,
Snort 3: GID 1, SID 300984.

Microsoft Vulnerability CVE-2024-38148:
A coding deficiency exists in Microsoft Windows Secure Channel that may
lead to denial of service.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 63878,
Snort 3: GID 1, SID 63878.

Microsoft Vulnerability CVE-2024-38150:
A coding deficiency exists in Microsoft Windows DWM Core Library that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63876 through 63877,
Snort 3: GID 1, SID 300988.

Microsoft Vulnerability CVE-2024-38178:
A coding deficiency exists in Microsoft Scripting Engine Memory
Corruption Vulnerability that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63864 through 63865,
Snort 3: GID 1, SID 300982.

Microsoft Vulnerability CVE-2024-38193:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63870 through 63871,
Snort 3: GID 1, SID 300985.

Microsoft Vulnerability CVE-2024-38196:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63874 through 63875,
Snort 3: GID 1, SID 300987.

Talos also has added and modified multiple rules in the browser-ie,
file-pdf, malware-cnc, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!

