Snort mailing list archives

Snort Subscriber Rules Update 2024-11-12


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 12 Nov 2024 22:16:51 +0000 (GMT)


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-43451:
A coding deficiency exists in Microsoft Windows SmartScreen that may
lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62022 through 62023,
Snort 3: GID 1, SID 300612.

Microsoft Vulnerability CVE-2024-43623:
A coding deficiency exists in Microsoft Windows NT OS Kernel that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64219 through 64220,
Snort 3: GID 1, SID 301064.

Microsoft Vulnerability CVE-2024-43629:
A coding deficiency exists in Microsoft Windows DWM Core Library that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64221 through 64222,
Snort 3: GID 1, SID 301065.

Microsoft Vulnerability CVE-2024-43630:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64223 through 64224,
Snort 3: GID 1, SID 301066.

Microsoft Vulnerability CVE-2024-43642:
A coding deficiency exists in Microsoft Windows SMB that may lead to
denial of service.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64234,
Snort 3: GID 1, SID 64234.

Microsoft Vulnerability CVE-2024-49019:
A coding deficiency exists in Microsoft Active Directory Certificate
Services that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64218,
Snort 3: GID 1, SID 64218.

Microsoft Vulnerability CVE-2024-49033:
A coding deficiency exists in Microsoft Word that may lead to security
feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64229,
Snort 3: GID 1, SID 64229.

Microsoft Vulnerability CVE-2024-49039:
A coding deficiency exists in Microsoft Windows Task Scheduler that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64232 through 64233,
Snort 3: GID 1, SID 301073.

Talos has added and modified multiple rules in the malware-cnc,
malware-other, os-other, os-windows, protocol-tftp and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
