Snort Subscriber Rules Update 2025-03-11

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-21247:
A coding deficiency exists in Microsoft MapUrlToZone that may lead to
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64652 through 64653,
Snort 3: GID 1, SID 301162.

Microsoft Vulnerability CVE-2025-24035:
A coding deficiency exists in Microsoft Windows Remote Desktop Services
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64432,
Snort 3: GID 1, SID 64432.

Microsoft Vulnerability CVE-2025-24045:
A coding deficiency exists in Microsoft Windows Remote Desktop Services
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64432,
Snort 3: GID 1, SID 64432.

Microsoft Vulnerability CVE-2025-24066:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64658 through 64659,
Snort 3: GID 1, SID 301164.

Microsoft Vulnerability CVE-2025-24067:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64660 through 64661,
Snort 3: GID 1, SID 301165.

Microsoft Vulnerability CVE-2025-24983:
A coding deficiency exists in Microsoft Windows Win32 Kernel Subsystem
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64656 through 64657,
Snort 3: GID 1, SID 301163.

Microsoft Vulnerability CVE-2025-24985:
A coding deficiency exists in Microsoft Windows Fast FAT File System
Driver that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64662 through 64663,
Snort 3: GID 1, SID 301166.

Talos has added and modified multiple rules in the browser-ie,
file-pdf, malware-cnc, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJn0KzZAAoJEMzg39Iewam/ng0P/R4AR7FocXRi03BhighMemud
RbriX9grfOLvse1JIxxgSyNISB6J2D+wo9I659pmXNvOn/U26nsyYBK/RZFbk65m
nAyUC+71R+XNb8IRYodr70JKxMFalI0SGKg7o1ACUjonwlkt2nN4kgVcwIqpvz1r
Z0Bp2BVejGuHtBswfPzRamgf8LsXc32meFY16dC6G7sVSsog2ltzmzM2XsqBGV+g
rhKkIYkIsHngCAdh2j8FaO9x2DoQ3mGiqr7j1VDiwi1KyAt3K4dstaDh1fD5RnfD
5oagB1vru9XzMoIz5U/8uPDj5nyHkjIG0nkpLdwQsx6SblVbdKK8eZaYdpSWmWIC
HWIBeUhw0s9QVjM90VG2i6r2+25wum5J43CzSyOyvPlhpWFII5s5gGXpMgsDhz48
xdQ68EVhzuVSkgb9PSwoqErYIWYoUAkg84dTkAQjgpGtjqD1GEPje4tzrX/lBe7z
4XEnKTFKJvcKKc2F/zmOZ+7AWhos65M+ph2kQlRxiLueqLazq9qK87VKVHXKdt67
hWw3WPSwmAnMJPnbHcPoVlbkHn1sDD9w6uyZXT0fKYrFnUmvIPPfozBRWND6/eNU
MFZLe24Hz/MeeLePUkvcXmlhNRYxm1IF8ix+tevS2d+Zw9kn67cOH5yVBFziypRQ
soRRiiwd1jsNARPq3AyW
=eOLL
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!