Snort mailing list archives

Snort Subscriber Rules Update 2025-11-11


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 11 Nov 2025 18:14:27 +0000 (GMT)


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-59512:
A coding deficiency exists in Microsoft Customer Experience Improvement
Program (CEIP) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65500 through 65501,
Snort 3: GID 1, SID 301345.

Microsoft Vulnerability CVE-2025-60705:
A coding deficiency exists in Microsoft Windows Client-Side Caching
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65507 through 65508,
Snort 3: GID 1, SID 301347.

Microsoft Vulnerability CVE-2025-60719:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65496 through 65497,
Snort 3: GID 1, SID 301343.

Microsoft Vulnerability CVE-2025-62213:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65498 through 65499,
Snort 3: GID 1, SID 301344.

Microsoft Vulnerability CVE-2025-62215:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65509 through 65510,
Snort 3: GID 1, SID 301348.

Talos has added and modified multiple rules in the malware-cnc,
malware-other, os-windows, policy-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
