Snort mailing list archives

Snort Subscriber Rules Update 2025-07-08


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 8 Jul 2025 20:27:34 +0000 (GMT)



Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-47981:
A coding deficiency exists in Microsoft SPNEGO Extended Negotiation
(NEGOEX) Security Mechanism that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65105, 65106,
Snort 3: GID 1, SID 65105, 65106.

Microsoft Vulnerability CVE-2025-47987:
A coding deficiency exists in Microsoft Credential Security Support
Provider Protocol (CredSSP) that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65100, 65101,
Snort 3: GID 1, SID 301270.

Microsoft Vulnerability CVE-2025-48799:
A coding deficiency exists in Microsoft Windows Update Service that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65098, 65099,
Snort 3: GID 1, SID 301269.

Microsoft Vulnerability CVE-2025-49695:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65096, 65097,
Snort 3: GID 1, SID 301268.

Microsoft Vulnerability CVE-2025-49696:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 64435, 64436,
Snort 3: GID 1, SID 301114.

Microsoft Vulnerability CVE-2025-49701:
A coding deficiency exists in Microsoft SharePoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65107,
Snort 3: GID 1, SID 65107.

Microsoft Vulnerability CVE-2025-49704:
A coding deficiency exists in Microsoft SharePoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65092,
Snort 3: GID 1, SID 65092.

Microsoft Vulnerability CVE-2025-49718:
A coding deficiency exists in Microsoft SQL Server that may lead to an
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65102, 65103,
Snort 3: GID 1, SID 65102, 65103.

Microsoft Vulnerability CVE-2025-49724:
A coding deficiency exists in Microsoft Windows Connected Devices
Platform Service that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65104,
Snort 3: GID 1, SID 65104.

Microsoft Vulnerability CVE-2025-49727:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65112, 65113,
Snort 3: GID 1, SID 301272.

Microsoft Vulnerability CVE-2025-49744:
A coding deficiency exists in Microsoft Windows Graphics Component that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65110, 65111,
Snort 3: GID 1, SID 301271.

Talos also has added and modified multiple rules in the file-office,
os-linux, os-windows, server-mssql and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads

