Snort mailing list archives

Snort Subscriber Rules Update 2024-12-10


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 10 Dec 2024 19:08:15 +0000 (GMT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-49088:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64308 through 64309,
Snort 3: GID 1, SID 301085.

Microsoft Vulnerability CVE-2024-49090:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63874 through 63875,
Snort 3: GID 1, SID 300987.

Microsoft Vulnerability CVE-2024-49093:
A coding deficiency exists in Microsoft Windows Resilient File System
(ReFS) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64310 through 64311,
Snort 3: GID 1, SID 301086.

Microsoft Vulnerability CVE-2024-49114:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64313 through 64314,
Snort 3: GID 1, SID 301087.

Microsoft Vulnerability CVE-2024-49122:
A coding deficiency exists in Microsoft Message Queuing (MSMQ) that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64312,
Snort 3: GID 1, SID 64312.

Microsoft Vulnerability CVE-2024-49138:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64306 through 64307,
Snort 3: GID 1, SID 301084.

Talos also has added and modified multiple rules in the file-identify,
file-image, file-multimedia, indicator-obfuscation, malware-cnc,
malware-other, os-other and server-webapp rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads

