
Snort Subscriber Rules Update 2025-05-13


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 13 May 2025 17:35:44 +0000 (GMT)



Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-24063:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64848, 1:64849,
Snort 3: GID 1, SID 1:301192.

Microsoft Vulnerability CVE-2025-29841:
A coding deficiency exists in Microsoft Universal Print Management
Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64850, 1:64851,
Snort 3: GID 1, SID 1:301193.

Microsoft Vulnerability CVE-2025-29971:
A coding deficiency exists in Microsoft Web Threat Defense (WTD.sys)
that may lead to denial of service.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64852, 1:64853,
Snort 3: GID 1, SID 1:64852, 1:64853.

Microsoft Vulnerability CVE-2025-30377:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64858, 1:64859,
Snort 3: GID 1, SID 1:301196.

Microsoft Vulnerability CVE-2025-30386:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64866, 1:64867,
Snort 3: GID 1, SID 1:301200.

Microsoft Vulnerability CVE-2025-30388:
A coding deficiency exists in Microsoft Windows Graphics Component that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64854, 1:64855,
Snort 3: GID 1, SID 1:301194.

Microsoft Vulnerability CVE-2025-30397:
A coding deficiency (memory corruption) exists in Microsoft Scripting
Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64856, 1:64857,
Snort 3: GID 1, SID 1:301195.

Microsoft Vulnerability CVE-2025-30400:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64862, 1:64863,
Snort 3: GID 1, SID 1:301198.

Microsoft Vulnerability CVE-2025-32701:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64864, 1:64865,
Snort 3: GID 1, SID 1:301199.

Microsoft Vulnerability CVE-2025-32706:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64860, 1:64861,
Snort 3: GID 1, SID 1:301197.

Microsoft Vulnerability CVE-2025-32709:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:64882, 1:64883,
Snort 3: GID 1, SID 1:301203.

Talos has added and modified multiple rules in the browser-ie,
file-image, file-office, malware-cnc, malware-other, os-windows and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.
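One way to confirm that a deployed ruleset actually carries the SIDs this update lists, added here as an example (not Talos' code or rule content): it parses the advisory's "Snort 2/Snort 3: GID, SID" lines into a CVE-to-SID map and reports any advised SID that is absent or commented out in a local .rules file. The advisory excerpt and the rules file below are constructed samples with placeholder rule bodies.

```python
import re

# Constructed excerpt in this advisory's format (two entries from the update above, prose joined onto single lines).
ADVISORY = """\
Microsoft Vulnerability CVE-2025-24063:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with:
Snort 2: GID 1, SID 1:64848, 1:64849,
Snort 3: GID 1, SID 1:301192.

Microsoft Vulnerability CVE-2025-32709:
A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with:
Snort 2: GID 1, SID 1:64882, 1:64883,
Snort 3: GID 1, SID 1:301203.
"""

# Constructed local rules file (placeholder bodies, not Talos' rules); the '#' line is a disabled rule and must not count.
LOCAL_RULES = """\
alert tcp any any -> any any (msg:"placeholder"; sid:64848; rev:1;)
alert tcp any any -> any any (msg:"placeholder"; sid:64849; rev:1;)
# alert tcp any any -> any any (msg:"placeholder"; sid:64882; rev:1;)
alert tcp any any -> any any (msg:"placeholder"; sid:301192; rev:1;)
"""

CVE_RE = re.compile(r"^Microsoft Vulnerability (CVE-\d{4}-\d+):\s*$", re.M)
SID_LINE_RE = re.compile(r"^(Snort [23]): GID \d+, SID (.+)$", re.M)

def parse_advisory(text):
    """Map each CVE to {"Snort 2": [sids], "Snort 3": [sids]} (SIDs as ints)."""
    parts = CVE_RE.split(text)  # [preamble, cve, body, cve, body, ...]
    return {cve: {ver: [int(s) for s in re.findall(r"\d+:(\d+)", sids)]
                  for ver, sids in SID_LINE_RE.findall(body)}
            for cve, body in zip(parts[1::2], parts[2::2])}

def active_sids(rules_text):
    """SIDs of enabled rules in a .rules file; '#'-prefixed lines are disabled."""
    return {int(m.group(1)) for line in rules_text.splitlines()
            if not line.lstrip().startswith("#")
            for m in [re.search(r"\bsid:(\d+)\s*;", line)] if m}

def coverage_gaps(advisory_text, rules_text, version="Snort 2"):
    """{cve: [advised SIDs for `version` not active locally]}; fully covered CVEs are omitted."""
    have = active_sids(rules_text)
    gaps = {cve: [s for s in per.get(version, []) if s not in have]
            for cve, per in parse_advisory(advisory_text).items()}
    return {cve: miss for cve, miss in gaps.items() if miss}
```

Running `coverage_gaps(ADVISORY, LOCAL_RULES)` on the samples flags CVE-2025-32709, because SID 64882 is only present as a commented-out rule and 64883 is absent.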


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
