Snort Subscriber Rules Update 2025-02-11

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-21184:
A coding deficiency exists in Microsoft Windows Core Messaging
Elevation of Privileges Vulnerability that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64529 through 64530,
Snort 3: GID 1, SID 301136.

Microsoft Vulnerability CVE-2025-21358:
A coding deficiency exists in Microsoft Windows Core Messaging
Elevation of Privileges Vulnerability that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64531 through 64532,
Snort 3: GID 1, SID 301137.

Microsoft Vulnerability CVE-2025-21376:
A coding deficiency exists in Microsoft Windows Lightweight Directory
Access Protocol (LDAP) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64545,
Snort 3: GID 1, SID 64545.

Microsoft Vulnerability CVE-2025-21377:
A coding deficiency exists in Microsoft NTLM Hash Disclosure that may
lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 62022 through 62023,
Snort 3: GID 1, SID 300612.

Microsoft Vulnerability CVE-2025-21391:
A coding deficiency exists in Microsoft Windows Storage that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64541 through 64542,
Snort 3: GID 1, SID 301140.

Microsoft Vulnerability CVE-2025-21400:
A coding deficiency exists in Microsoft SharePoint Server that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 58316 through 58317, 64537,
Snort 3: GID 1, SIDs 58316 through 58317, 64537.

Microsoft Vulnerability CVE-2025-21414:
A coding deficiency exists in Microsoft Windows Core Messaging
Elevation of Privileges Vulnerability that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64539 through 64540,
Snort 3: GID 1, SID 301139.

Talos has added and modified multiple rules in the file-office,
os-windows, server-apache and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJnq50ZAAoJEMzg39Iewam/R6MQAIGINkhHApTavwNte7upw9Dd
WL3Vx6gnj1Hbg0n7MKj/wUFQnUNMoXuvVeZVjNybxutpgfg30kBEgZfWjaxkS0f8
oCKx3DjTdq/5TF+78XeqQqWfSTLoq1iEVrFFBsuGu9GZR5arRm/ol3qDdfBJaK7H
th3GIMIT/HfWsxX7g7I4/1ahtVPYw9yQDClVHsW2VI+iompJAAc2RaJ76HjxeT5Q
ZU8ts+FdAGmhWMyug+igSByz4Jbg4lDi1IUXH8E6c27OwDThuFuE4slUlAcrfo6J
T8loZsxtUH/sM4L0QbkVWW38KcFnfA4mv9xFhpsGWEppXDUTJ3bIdNuc9STggGDH
ps3fFrcYH88mlKRmO+jp+5C5qphlJm251W0VmST7lKzdG7eimDoUnKHSHdt8gnyH
PKXwLEOeKoE/tMI6dbAeGEOhTz4ho3oI1ebieaD6ccd1m3iyfL4guoP4Azs6GBBc
ZHmTQY4o8/PvxvDdlicrBM/l4PGYbdhfjcS+Ah2HrlZEFqYrUEUsLyRqy3kBBR7d
/aDKBiYT2dEybAXgqxatFbr01gSM6jC7GvIuT7djYnpWpbTyrgwIV2Np5g1eOgxz
jb6piqZtzQLTu+A4GoYtDj2i0PNJ7/6s+vCM1YaJ7TN2TDzfj/G5ncdF3q8QM5Ca
xbvhjCCmaSq+ux81I7+T
=s19/
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!