Snort Subscriber Rules Update 2026-04-14

[Research via Snort-sigs <snort-sigs () lists snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2026-26169:
A coding deficiency exists in Microsoft Windows Kernel Memory that may
lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66242 through 66243,
Snort 3: GID 1, SID 301468.

Microsoft Vulnerability CVE-2026-27908:
A coding deficiency exists in Microsoft Windows TDI Translation Driver
(tdx.sys) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66250 through 66251,
Snort 3: GID 1, SID 301472.

Microsoft Vulnerability CVE-2026-27909:
A coding deficiency exists in Microsoft Windows Search Service that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66246 through 66247,
Snort 3: GID 1, SID 301470.

Microsoft Vulnerability CVE-2026-27914:
A coding deficiency exists in Microsoft Management Console that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66244 through 66245,
Snort 3: GID 1, SID 301469.

Microsoft Vulnerability CVE-2026-27921:
A coding deficiency exists in Microsoft Windows TDI Translation Driver
(tdx.sys) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66248 through 66249,
Snort 3: GID 1, SID 301471.

Microsoft Vulnerability CVE-2026-32070:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66275 through 66276,
Snort 3: GID 1, SID 301480.

Microsoft Vulnerability CVE-2026-32152:
A coding deficiency exists in Microsoft Desktop Window Manager that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66266 through 66267,
Snort 3: GID 1, SID 301478.

Microsoft Vulnerability CVE-2026-32162:
A coding deficiency exists in Microsoft Windows COM that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66264 through 66265,
Snort 3: GID 1, SID 301477.

Microsoft Vulnerability CVE-2026-32202:
A coding deficiency exists in Microsoft Windows Shell that may lead to
spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65902 through 65903,
Snort 3: GID 1, SID 301398.

Microsoft Vulnerability CVE-2026-33825:
A coding deficiency exists in Microsoft Defender that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66259 through 66260,
Snort 3: GID 1, SID 301475.

Talos has added and modified multiple rules in the file-multimedia,
malware-cnc, malware-other, os-windows, policy-other and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJp3n2GAAoJEHB/DbSAg2dxE1sP/iDiAVAZs47cXxdaIlfkMfvo
Tm3DKTyNr6KEwZvOmgDA+m1QObkDn4zbl+E5fVaqbfSBB1DtcBKLig4m3KC+q1qn
BYdQV+ZnsxujytQj2XDthbyNQ7HwewlhJO7lWIh+4Van6/IG+gnwEpkUNlk9q0Ex
gPqjw8NwAFv0aLlBy+1Ljfyyen90smtO7ctVC7QXbFlvK+l8Xe3KispeMUohVhVo
7lENXxVoZPVtXo4ReztyY+Cqms1D7fHt1C+feDYwKlLoffm3CmhJYbdlbpnhJ9Qb
9obmb9h+pTO/34F7dl7H38MD4sgZdM1VTIs7gqdMLUgjQZT6j9XXmphRrLML9js2
25vMExUDmXIWiuqN22cwysNxJpfVdOQ7S2lZE6POuRdPZFjTXbERn9lNjIltEEEf
Mptl5GiFgjA+C9k5Cuj2biwY7flBk+YttDe46vlxCPxkOQrxhXUR5imy+g356uBZ
8ODbWAb7dZ00oDScxDbhFYUMXgKnzM75M5nSvMFo4EXdPETrL/cGP8tnX+5anqq8
2QAOBQ7yeoivy28cRGdiqiPVJKPAAeiUvB0Y9pG6peOkGiCG/QRSHS0d6zYe+c27
U3PP+dvo0e5KjjZqyLGy9wP/62IaVurdVBTmtSerRKfH6J84Up7W0iPdBI2MMlHH
prJwBGcjxpYRQMj3EgjX
=r5oj
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!