Snort Subscriber Rules Update 2024-09-10

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-38217:
A coding deficiency exists in Microsoft Windows Mark of the Web that
may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63983 through 63984,
Snort 3: GID 1, SID 301009.

Microsoft Vulnerability CVE-2024-38237:
A coding deficiency exists in Microsoft Kernel Streaming WOW Thunk
Service Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63987 through 63988,
Snort 3: GID 1, SID 301010.

Microsoft Vulnerability CVE-2024-38238:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63989 through 63990,
Snort 3: GID 1, SID 301011.

Microsoft Vulnerability CVE-2024-38241:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63991 through 63992,
Snort 3: GID 1, SID 301012.

Microsoft Vulnerability CVE-2024-38242:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63993 through 63994,
Snort 3: GID 1, SID 301013.

Microsoft Vulnerability CVE-2024-38243:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63978 through 63979,
Snort 3: GID 1, SID 301008.

Microsoft Vulnerability CVE-2024-38244:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63978 through 63979,
Snort 3: GID 1, SID 301008.

Microsoft Vulnerability CVE-2024-38245:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63978 through 63979,
Snort 3: GID 1, SID 301008.

Microsoft Vulnerability CVE-2024-43461:
A coding deficiency exists in Microsoft Windows MSHTML Platform that
may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63980 through 63982,
Snort 3: GID 1, SIDs 63980 through 63982.

Talos has added and modified multiple rules in the browser-ie,
malware-other, os-windows and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJm4JZ6AAoJEMzg39Iewam/p1IP/2q6eX5M2eoWB1Bq7SiqkdU0
bbn2aL5LmB/Oxl1aH/8SKKZEEJ88Uo/ljNT8HxyWzGsDSPXw/H9Ag8F7ssHEWIpY
FC141LpGJB/4isJXUAk5beJjkYUQYPwY7Pt62zStsUBSxligwiHvbpId2yO1mUal
6uEob6VfoeWu1LtFLU9IBl63FVaDt+qdvCnZGyhDO+fl6JqqBSJeTePj2RIysSHr
xCuFvL+edx8pPx+phVq0mX2cVf4tmsdksouloVvC2GSIzX7LcwZ8aTz/18gfa0Zk
9BngtjFeVbWbYfIdbW5jLd7Ir8lRghmD/hmv7Hoc0Uk+erPWRs+puE5YPdXg3JNB
eW2W1EjqjBmPmWvoAdtYHJ7E7Y9AwYp1uFSG/FYXiZkH7MEJCNak6jtdow++JC5/
6PRA0jVV0ym5gQCj+a+pMKDFhVQIB+GdFWSQ8sj0ob1BZWzU9EqDh+9QKhCLDjkJ
C7/MLSewiZ2pYO+3UnTm3vT4k0IoiJccdodtmhEpiN6t74x5N+7c0yHJVz8ouy9L
aQoJRR6VBzw62+EzGAZycG57BkdsKvO6FbROJHHwq2p8iZeaGi3TawcOXNvZpWvp
I4wzUQRjb0UmDLGV4/uHALichcE8EwUgLYIj1J0elaMHbRKn9xt15X2+koLRu5gI
4tenDhz3PspwvTx0RsJv
=VRli
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!