Snort mailing list archives

Snort Subscriber Rules Update 2025-01-14


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 14 Jan 2025 20:40:28 +0000 (GMT)


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-21189:
A coding deficiency exists in Microsoft MapUrlToZone that may lead to
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64454 through 64455,
Snort 3: GID 1, SID 301122.

Microsoft Vulnerability CVE-2025-21219:
A coding deficiency exists in Microsoft MapUrlToZone that may lead to
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64456 through 64457,
Snort 3: GID 1, SID 301123.

Microsoft Vulnerability CVE-2025-21269:
A coding deficiency exists in Microsoft Windows HTML Platforms that may
lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64452 through 64453,
Snort 3: GID 1, SID 301121.

Microsoft Vulnerability CVE-2025-21292:
A coding deficiency exists in Microsoft Windows Search Service that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64448 through 64449,
Snort 3: GID 1, SID 301119.

Microsoft Vulnerability CVE-2025-21299:
A coding deficiency exists in Microsoft Windows Kerberos that may lead
to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64446 through 64447,
Snort 3: GID 1, SID 301118.

Microsoft Vulnerability CVE-2025-21309:
A coding deficiency exists in Microsoft Windows Remote Desktop Services
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64432,
Snort 3: GID 1, SID 64432.

Microsoft Vulnerability CVE-2025-21315:
A coding deficiency exists in Microsoft Brokering File System that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64450 through 64451,
Snort 3: GID 1, SID 301120.

Microsoft Vulnerability CVE-2025-21354:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64444 through 64445,
Snort 3: GID 1, SID 301117.

Microsoft Vulnerability CVE-2025-21362:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64435 through 64436,
Snort 3: GID 1, SID 301114.

Microsoft Vulnerability CVE-2025-21365:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64433 through 64434,
Snort 3: GID 1, SID 301113.

Talos has added and modified multiple rules in the file-office,
file-other, malware-cnc, malware-other, os-windows and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
