Snort mailing list archives
Snort Subscriber Rules Update 2026-02-10
From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 10 Feb 2026 23:50:16 +0000 (GMT)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Vulnerability CVE-2026-21231:
A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65895 through 65896, Snort 3: GID 1, SID 301395.

Microsoft Vulnerability CVE-2026-21238:
A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65897 through 65898, Snort 3: GID 1, SID 301396.

Microsoft Vulnerability CVE-2026-21241:
A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65899 through 65900, Snort 3: GID 1, SID 301397.

Microsoft Vulnerability CVE-2026-21253:
A coding deficiency exists in Microsoft Mailslot File System that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65906 through 65907, Snort 3: GID 1, SID 301399.

Microsoft Vulnerability CVE-2026-21510:
A coding deficiency exists in Microsoft Windows Shell that may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65902 through 65903, Snort 3: GID 1, SID 301398.

Microsoft Vulnerability CVE-2026-21514:
A coding deficiency exists in Microsoft Word that may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65913 through 65914, Snort 3: GID 1, SID 301402.

Microsoft Vulnerability CVE-2026-21519:
A coding deficiency exists in Microsoft Desktop Window Manager that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65910 through 65911, Snort 3: GID 1, SID 301401.

Microsoft Vulnerability CVE-2026-21525:
A coding deficiency exists in Microsoft Windows Remote Access Connection Manager that may lead to denial of service.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65908 through 65909, Snort 3: GID 1, SID 301400.

Microsoft Vulnerability CVE-2026-21533:
A coding deficiency exists in Microsoft Windows Remote Desktop Services that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65923 through 65924, Snort 3: GID 1, SID 301403.

Talos also has added and modified multiple rules in the file-office, file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
https://www.snort.org/advisories
