Snort Subscriber Rules Update 2024-10-08

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-43502:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64083 through 64084,
Snort 3: GID 1, SID 301034.

Microsoft Vulnerability CVE-2024-43560:
A coding deficiency exists in Microsoft Windows Storage Port Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64111 through 64112,
Snort 3: GID 1, SID 301041.

Microsoft Vulnerability CVE-2024-43572:
A coding deficiency exists in Microsoft Management Console that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64085 through 64086,
Snort 3: GID 1, SID 301035.

Microsoft Vulnerability CVE-2024-43573:
A coding deficiency exists in Microsoft Windows MSHTML Platform that
may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64089 through 64090,
Snort 3: GID 1, SID 301036.

Talos has added and modified multiple rules in the malware-other,
os-other, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJnBXm9AAoJEMzg39Iewam/r3wQAIONiiZBVjP9f07/V87uL1DB
s7lAyXChmJU2Zce2Ut24aJn2P09lPL8Tr8w2DfdCBnUqxyp5Xmpj3zThMeABnRE4
W0Aj2Qivk7rKDOvKqhav1E3cRcJ8MktHCXucfvZmjX10H3OyN6zAy2D+qSFakWml
b/k+2QfcDL6OkE2AYjspkA/XRVH8PA0M6Mnq6mgRg2DSm+amRiwNAXkTRomCAmT3
fD5gx5+wnrVehZq8v5ftOeme2I12BQ5b8Y8Et+hNXnpnbDmhomEWTQEk9ovJm7Fx
8CGPkrIb0mT6L2eNkhvkf08QCBLtwG0NA6kuvoTJ4vsdyuSGWjZDv6P5X6cYvHjM
SVFrcYJsvGEfkmAWy+QeeX8B8LlMKovpnYkaUFcbFdhhu19Ie4j2ZfABIcraDyGs
BZq6y78Z1vmF6npt97hlCguRAHzi1MOgz73zIWJNRkNUDmWl5ktixjMJ86GzSTKj
EVNvX7KxgqYl/upDUbLGtaWmxvUbBs9A0wd3sDQa33JSIrCrPmZKdz05AX2dXpBm
AU+J9K061Bw6Qg+UAXIiHh2qqE/uJz8Gih9WeAh7W1NTDTsE3gzDEVjsAIl9IYZt
CbwLJGwQ1dyvNa+o3Ds2rpTuadpUz8DuRkDu10f/p9VCr4xGaiD72OwqI5MnXaBM
6Dm6jE5/YQsITDcgQFJu
=okZR
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!