Snort Subscriber Rules Update 2026-01-13

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2026-20805:
A coding deficiency exists in Microsoft Desktop Window Manager that may
lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65663 through 65664,
Snort 3: GID 1, SID 301368.

Microsoft Vulnerability CVE-2026-20816:
A coding deficiency exists in Microsoft Windows Installer that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65665 through 65666,
Snort 3: GID 1, SID 301369.

Microsoft Vulnerability CVE-2026-20817:
A coding deficiency exists in Microsoft Windows Error Reporting Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65675 through 65676,
Snort 3: GID 1, SID 301374.

Microsoft Vulnerability CVE-2026-20820:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65667 through 65668,
Snort 3: GID 1, SID 301370.

Microsoft Vulnerability CVE-2026-20840:
A coding deficiency exists in Microsoft Windows NTFS that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65671 through 65672,
Snort 3: GID 1, SID 301372.

Microsoft Vulnerability CVE-2026-20843:
A coding deficiency exists in Microsoft Windows Routing and Remote
Access Service (RRAS) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65669 through 65670,
Snort 3: GID 1, SID 301371.

Microsoft Vulnerability CVE-2026-20860:
A coding deficiency exists in Microsoft Windows Ancillary Function
Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65498 through 65499,
Snort 3: GID 1, SID 301344.

Microsoft Vulnerability CVE-2026-20871:
A coding deficiency exists in Microsoft Desktop Windows Manager that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65673 through 65674,
Snort 3: GID 1, SID 301373.

Microsoft Vulnerability CVE-2026-20922:
A coding deficiency exists in Microsoft Windows NTFS that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65671 through 65672,
Snort 3: GID 1, SID 301372.

Talos has added and modified multiple rules in the malware-cnc,
malware-tools and server-webapp rule sets to provide coverage for
emerging threats from these technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJpZou6AAoJEHB/DbSAg2dxG/gP/i08aXJaWhhW+jsVvgQ8OIa/
+HP6FjuCDrImnRr9BfwCtS6MoRv9QqrVSkYbwjHmi8GVXpolLStZFwZeRZPM6/5s
vpUrSXhogs1MTOdQ21eR25hMia4+/hin7AWHClc0zTwkMuA/IR0muCzLORczu6Lq
NPCvEGeVwYHRdAab7Y8j7lACOIG+cAAMvvqOEE2qLr3Q4Ikb2KaM89napGLKpkoG
iY/ZjG5YXMu9tqVv/qJyh0C/cwfKBJwEp6PYv/UYHICVbkk0Z1PlW0wkVrqLAQnM
KwXFFW48OmIFHKNRsLbSQT2Na6IhWXxFiLPl5JbJ+9jEBdsTaf5NBeNg2p7L+Ob2
KmoVbkIjnHSdnazezZ23VTNMAzsunRzAe3IcLjuoCNBkQq/fXSaSuhKNWIdgcFZf
dtb7XqBjD/EQ9U2DDrDwHDLEhtwnsOgyeAq+WmvWJ08VnH4VU/HBjJ7/n6Nl1uct
WI22mOq4gip475fuIbEJVM1ATAjkncUNc9+P+E13RHbG76SdZtgkUx/T35KOWrQp
u4sK3Vz6G4nyVcSA3IEkI833Xcj4yYzm1vqI6LBUS5u31ZC6ZTtbkshKTKh4J8SU
X7I6vaz3Jx4c3+Ovt1dscJiMWbSShIxEStjJJbPVSvZvRP99K/c6YeTks2K/y/3P
bnnUx8Vpq+6zlVLmVyWK
=BCni
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!