Snort Subscriber Rules Update 2025-10-14

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-24052:
A coding deficiency exists in Microsoft Windows Agere Modem Driver that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65391 through 65392,
Snort 3: GID 1, SID 301325.

Microsoft Vulnerability CVE-2025-24990:
A coding deficiency exists in Microsoft Windows Agere Modem Driver that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65391 through 65392,
Snort 3: GID 1, SID 301325.

Microsoft Vulnerability CVE-2025-48004:
A coding deficiency exists in Microsoft Brokering File System that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65393 through 65394,
Snort 3: GID 1, SID 301326.

Microsoft Vulnerability CVE-2025-55680:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65395 through 65396,
Snort 3: GID 1, SID 301327.

Microsoft Vulnerability CVE-2025-55681:
A coding deficiency exists in Microsoft Desktop Windows Manager that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65409 through 65410,
Snort 3: GID 1, SID 301334.

Microsoft Vulnerability CVE-2025-55692:
A coding deficiency exists in Microsoft Windows Error Reporting Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65397 through 65398,
Snort 3: GID 1, SID 301328.

Microsoft Vulnerability CVE-2025-55693:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65401 through 65402,
Snort 3: GID 1, SID 301330.

Microsoft Vulnerability CVE-2025-55694:
A coding deficiency exists in Microsoft Windows Error Reporting Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65403 through 65404,
Snort 3: GID 1, SID 301331.

Microsoft Vulnerability CVE-2025-58722:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65399 through 65400,
Snort 3: GID 1, SID 301329.

Microsoft Vulnerability CVE-2025-59194:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65407 through 65408,
Snort 3: GID 1, SID 301333.

Microsoft Vulnerability CVE-2025-59199:
A coding deficiency exists in Microsoft Software Protection Platform
(SPP) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65405 through 65406,
Snort 3: GID 1, SID 301332.

Microsoft Vulnerability CVE-2025-59287:
A coding deficiency exists in Microsoft Windows Server Update Service
(WSUS) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65422,
Snort 3: GID 1, SID 65422.

Microsoft Vulnerability CVE-2025-47827:
A coding deficiency exists in Secure Boot Security Feature Bypass
Vulnerability that may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 65420 through 65421,
Snort 3: GID 1, SID 301336.

Talos has added and modified multiple rules in the file-pdf,
malware-cnc, malware-other, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJo7quiAAoJEHB/DbSAg2dx4HsQAMbfMd8oKpGl8T9eRIMyDVdy
/tRspXDlBJmnPet0Jtv6GUmgo90kJcLV2g4rBH1JYlo1xVgq/ITy2OXqiLJACSvP
vwEBImix+pKQQMajGehE/AL6bU++9JBgOGVt8KZqjF0/eFveR+Cj24nD704dXBDI
1DNR4pk8r4+ItdY/Re46e7AuKs59QvUOkxbWrTn6JSvJUcJ+CNkkwlfqEUg+VoUX
Kc74MQG9gHG11wQ714SuyOlgR4twh3UqlJ17ZS8zOvU36nOzPdZqsBkEiw7RgbXN
HuCt3L85Lgm8ikkPalpo3lQgfQTnghNAdrSnA6FLZxdUoNZt/tkddDze7EMtstbv
xEMO34F8ZJWL+X9dO39KeMFBP9qTHCxZjZkrvp8bA3IH38oRiZyMYEvZbgxRwCGk
jR1hHFbxXDhdEdo2ssoH5nOP92hR00AaMdLiNQyzAqVlGEnr2vpPNMDyOrqnVtNy
i09L5+/LT3rY2CZrSprPLvD46Le8oIK/LH4RcS7VO0BQADMC5T4/jqfFwum3bOh7
yieO3fC+Re4jS8+0I1XQPFueY36JcExA6zEQYddQy+0EligJXhHswivh0adl21Z7
KaIqXDCxKMvqduVeL8PydjDwgTlUB7/pd6sJDEP20EVgmRd8rtzwJNkhtTXKAK5b
XAoWxsH2IikD1FNqwMTE
=ZjhF
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!