Snort Subscriber Rules Update 2024-07-09

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-38021:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63693 through 63694,
Snort 3: GID 1, SIDs 63693 through 63694.

Microsoft Vulnerability CVE-2024-38052:
A coding deficiency exists in Microsoft Kernel Streaming WOW Thunk
Service Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63699 through 63700,
Snort 3: GID 1, SID 300961.

Microsoft Vulnerability CVE-2024-38054:
A coding deficiency exists in Microsoft Kernel Streaming WOW Thunk
Service Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63699 through 63700,
Snort 3: GID 1, SID 300961.

Microsoft Vulnerability CVE-2024-38059:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63687 through 63688,
Snort 3: GID 1, SID 300958.

Microsoft Vulnerability CVE-2024-38080:
A coding deficiency exists in Microsoft Windows Hyper-V that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63689 through 63690,
Snort 3: GID 1, SID 300959.

Microsoft Vulnerability CVE-2024-38085:
A coding deficiency exists in Microsoft Windows Graphics Component that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63697 through 63698,
Snort 3: GID 1, SID 300960.

Talos also has added and modified multiple rules in the file-office,
file-other, malware-cnc, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJmjXlEAAoJEMzg39Iewam/PMkP/2k+Rr7dMTf/CtuzIRnE2uX4
OjmjkZaTTjpzLTAO+QK9uvCcNSGzNXc+adc3avRS5bWI1trvgT3iqlTi98Sx+o1o
Dx5M4Ahrl8hoVQhulMoczFQ8yUeTsPBDXCNJepv5VQcH1d0UIff5mPkxvGWXFGgA
+RzRD0RM0V9YuEOWu+USwDH+udSdPkkPBlioovNgLzf9aan++BZZHx3uV9qgYJKu
7kaTUmroNM9e/0I7S+RW2qYpTM93QKfQkAjZO4+kwG+eDzSaiLcnCMiJBdSuuFKF
u90pKk1s6BHTYUzVHNdkU1pF/TRR+yse+rW+dQ/EO/d0H2myILBM5WICsx2eiwKK
E02FfbuvlLU2+OQT54M+j9RDH5xfseaQ1X++LBgydGpcaKoFd9XEINVoJwTqlMMB
bo5AhlkkaY02UmLvKI3PFHeDsijpcP/xEiZScYIzNRduLSZnCB1ecwYCAtNceA2o
Cmqx7HpaGkfZMtZLhDqtS0LRc6bzJzIOUH7CFrCKlqObw/9/6mCUIdA6gP2Ij0GC
G3RDetnibZadVSb7st6ycCapicPq8oLodk2rdgahzRW5Ka60S21/yRtiiCmETSPt
u0vrieo3cFUuG2QWiVaoEikQte2Vq2usp/3WQES74D4KXDQ+14x5lEq3Sdfrq0Ff
trrTpKLEilE7AhLDCEMz
=67z8
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!