Snort Subscriber Rules Update 2025-06-10

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-32713:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65038, 1:65039,
Snort 3: GID 1, SID 1:301253.

Microsoft Vulnerability CVE-2025-32714:
A coding deficiency exists in Microsoft Windows Installer that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65040, 1:65041,
Snort 3: GID 1, SID 1:301254.

Microsoft Vulnerability CVE-2025-33053:
A coding deficiency exists in Microsoft Web Distributed Authoring and
Versioning (WEBDAV) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65042, 1:65043,
Snort 3: GID 1, SID 1:301255.

Microsoft Vulnerability CVE-2025-33070:
A coding deficiency exists in Microsoft Windows Netlogon that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:55802, 1:56290, 1:65030,
Snort 3: GID 1, SID 1:301220, 1:55802, 1:56290.

Microsoft Vulnerability CVE-2025-33071:
A coding deficiency exists in Microsoft Windows KDC Proxy Service
(KPSSVC) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65037,
Snort 3: GID 1, SID 1:65037.

Microsoft Vulnerability CVE-2025-47162:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65031, 1:65032,
Snort 3: GID 1, SID 1:301250.

Microsoft Vulnerability CVE-2025-47164:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65033, 1:65034,
Snort 3: GID 1, SID 1:301251.

Microsoft Vulnerability CVE-2025-47167:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 1:65035, 1:65036,
Snort 3: GID 1, SID 1:301252.

Talos has added and modified multiple rules in the deleted, file-office
and server-webapp rule sets to provide coverage for emerging threats
from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJoSKX/AAoJEHB/DbSAg2dxRZUQAJN5DLYlzqrsM3zR5GnmCWtw
oJH23G6ipcSbD3m77sXC9rA5mqKEu/Bjr+WvCDY39ozieO9LYl/oH4E/K/nlPCuh
f87idZ7zSO3IzV5RAY3fCmFH+GGRIVJM+JyvfIXZIBjCWwL8nyRNEvA/EdGzOevd
W2XP0lTmeM8Ty6NZS1PPo1LRIKuvbisTMB4OPzbmGQeFOSTVjQ3ErPmpdJsE0EPr
GX1iqzRsYEUenYwDeOODz86cJBaXWklj8hVLSjtxLG9mpZqmJPKoNMrTkLwQWwf1
bvam5Sa19pbmu5dfKjwstbiqpu1y5X829ag8GW7ZlEsBYADxlZP4G3r7ESdmGmN1
zLZALHwUcagJbjeCPi71nxI2gGyz6k+vawS+M3O5jKJZm8Y2ijFZ0xmk5TOn9NZD
RXHO+MrKOAIgMgSN28HRuhqZQEwu8xa3XM7IlJX7YG5bd9lt2NvYkdfi9toEwDzX
AL2gqdqG95M6vjJdFQphzDJ5lo/ESr6gqmsd53m2q1jkP9Bpo4JOGeG3a14jW9Q6
DzMkKMI2o3Sn56L+EjAfqe0IMG7GiyyJLmIiHRHAKkAAMjTx1K8auuduMDek5eM7
LIHPNUIc3SRgpQdWJFM+qNEx+c9bEAtfGJqMLr6yv85GqNo+1g1Xll8TvF+lsq+V
GcstTCAFmH9Se8rNVFue
=9dWD
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!