Snort mailing list archives

Snort Subscriber Rules Update 2025-04-08


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 8 Apr 2025 18:38:39 +0000 (GMT)

Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-21247:
A coding deficiency exists in Microsoft MapUrlToZone that may lead to
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64652 through 64653,
Snort 3: GID 1, SID 301162.

Microsoft Vulnerability CVE-2025-24035:
A coding deficiency exists in Microsoft Windows Remote Desktop Services
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64432,
Snort 3: GID 1, SID 64432.

Microsoft Vulnerability CVE-2025-24045:
A coding deficiency exists in Microsoft Windows Remote Desktop Services
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64432,
Snort 3: GID 1, SID 64432.

Microsoft Vulnerability CVE-2025-24066:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64658 through 64659,
Snort 3: GID 1, SID 301164.

Microsoft Vulnerability CVE-2025-24067:
A coding deficiency exists in Microsoft Kernel Streaming Service Driver
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64660 through 64661,
Snort 3: GID 1, SID 301165.

Microsoft Vulnerability CVE-2025-24983:
A coding deficiency exists in Microsoft Windows Win32 Kernel Subsystem
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64656 through 64657,
Snort 3: GID 1, SID 301163.

Microsoft Vulnerability CVE-2025-24985:
A coding deficiency exists in Microsoft Windows Fast FAT File System
Driver that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 64662 through 64663,
Snort 3: GID 1, SID 301166.

Talos has added and modified multiple rules in the  and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories