Snort mailing list archives
Snort Subscriber Rules Update 2026-07-14
From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 14 Jul 2026 19:46:01 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Talos Snort Subscriber Rules Update Synopsis: Talos is aware of vulnerabilities affecting products from Microsoft Corporation. Details: Microsoft Vulnerability CVE-2026-49170: A coding deficiency exists in Microsoft Windows StateRepository API Server file that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66738 through 66739, Snort 3: GID 1, SID 301557. Microsoft Vulnerability CVE-2026-49795: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66740 through 66741, Snort 3: GID 1, SID 301558. Microsoft Vulnerability CVE-2026-49798: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66760 through 66761, Snort 3: GID 1, SID 301567. Microsoft Vulnerability CVE-2026-49805: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66734 through 66735, Snort 3: GID 1, SID 301555. Microsoft Vulnerability CVE-2026-50327: A coding deficiency exists in Microsoft Windows Media that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66748 through 66749, Snort 3: GID 1, SID 301561. Microsoft Vulnerability CVE-2026-50329: A coding deficiency exists in Microsoft DWM Core Library that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66762 through 66763, Snort 3: GID 1, SID 301568. Microsoft Vulnerability CVE-2026-50332: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66768 through 66769, Snort 3: GID 1, SID 301571. Microsoft Vulnerability CVE-2026-50343: A coding deficiency exists in Microsoft Install Service that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66742 through 66743, Snort 3: GID 1, SID 301559. Microsoft Vulnerability CVE-2026-50351: A coding deficiency exists in Microsoft Windows Audio Compression Manager (ACM) that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66750 through 66751, Snort 3: GID 1, SID 301562. Microsoft Vulnerability CVE-2026-50375: A coding deficiency exists in Microsoft DirectX Graphics Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66754 through 66755, Snort 3: GID 1, SID 301564. Microsoft Vulnerability CVE-2026-50387: A coding deficiency exists in Microsoft Windows GDI that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66764 through 66765, Snort 3: GID 1, SID 301569. Microsoft Vulnerability CVE-2026-50390: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66803 through 66804, Snort 3: GID 1, SID 301582. Microsoft Vulnerability CVE-2026-50420: A coding deficiency exists in Microsoft HTTP.sys that may lead to an information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66746 through 66747, Snort 3: GID 1, SID 301560. Microsoft Vulnerability CVE-2026-50423: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66756 through 66757, Snort 3: GID 1, SID 301565. Microsoft Vulnerability CVE-2026-50433: A coding deficiency exists in Microsoft Windows Media that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66758 through 66759, Snort 3: GID 1, SID 301566. Microsoft Vulnerability CVE-2026-50436: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66766 through 66767, Snort 3: GID 1, SID 301570. Microsoft Vulnerability CVE-2026-50454: A coding deficiency exists in Microsoft Windows User Interface Core that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66784 through 66785, Snort 3: GID 1, SID 301579. Microsoft Vulnerability CVE-2026-50475: A coding deficiency exists in Microsoft Windows Kernel that may lead to an information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66736 through 66737, Snort 3: GID 1, SID 301556. Microsoft Vulnerability CVE-2026-50476: A coding deficiency exists in Microsoft Windows Network Connections Service that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66770 through 66771, Snort 3: GID 1, SID 301572. Microsoft Vulnerability CVE-2026-50489: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66772 through 66773, Snort 3: GID 1, SID 301573. Microsoft Vulnerability CVE-2026-50518: A coding deficiency exists in Microsoft Windows DHCP Server that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66745, Snort 3: GID 1, SID 66745. Microsoft Vulnerability CVE-2026-50522: A coding deficiency exists in Microsoft SharePoint that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66791 through 66792, Snort 3: GID 1, SIDs 66791 through 66792. Microsoft Vulnerability CVE-2026-50655: A coding deficiency exists in Microsoft Windows Media Foundation that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66752 through 66753, Snort 3: GID 1, SID 301563. Microsoft Vulnerability CVE-2026-50667: A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66774 through 66775, Snort 3: GID 1, SID 301574. Microsoft Vulnerability CVE-2026-50688: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66776 through 66777, Snort 3: GID 1, SID 301575. Microsoft Vulnerability CVE-2026-54114: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66778 through 66779, Snort 3: GID 1, SID 301576. Microsoft Vulnerability CVE-2026-54986: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66780 through 66781, Snort 3: GID 1, SID 301577. Microsoft Vulnerability CVE-2026-54992: A coding deficiency exists in Microsoft Message Queuing Queue Manager that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66733, Snort 3: GID 1, SID 66733. Microsoft Vulnerability CVE-2026-56164: A coding deficiency exists in Microsoft SharePoint Server that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66782 through 66783, Snort 3: GID 1, SID 301578. Microsoft Vulnerability CVE-2026-56188: A coding deficiency exists in Microsoft Windows Server Network driver that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66793, Snort 3: GID 1, SID 66793. Microsoft Vulnerability CVE-2026-57091: A coding deficiency exists in Microsoft Windows File History Service that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66800 through 66801, Snort 3: GID 1, SID 301581. Microsoft Vulnerability CVE-2026-58531: A coding deficiency exists in Microsoft Windows SMB that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66807, Snort 3: GID 1, SID 66807. Microsoft Vulnerability CVE-2026-58536: A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter Driver that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66805 through 66806, Snort 3: GID 1, SID 301583. Microsoft Vulnerability CVE-2026-58631: A coding deficiency exists in Microsoft Windows Admin Center (WAC) that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66802, Snort 3: GID 1, SID 66802. Talos has added and modified multiple rules in the file-multimedia, malware-cnc, malware-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies. For a complete list of new and modified rules please see: https://www.snort.org/advisories -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJqVpH5AAoJEHB/DbSAg2dxN4kP/A+NTo63GmBdzThWCBn0qo7V 62bi01Y/YksY8hEVjMeRgZCJieVoXXwpDe+QcxASi+RoX0RZXFjPs91cs7q93So/ Uk9RPYbboJTT1GuZUGdPE7hhHtF+UE8HnWDegjPa4VU459GXUCE3CP3pxLBFdG6i bliXiXaaWwbb8XDnDbS9g1W6aZyq6Rh7E6Pk3KIg9soFQ7Wt6qSe6RkDYYT2qS2w o+C/mv8Pg/vv4eQj92M78zse9BQQO2D39WDIMWJg/HnF7rRzu0/WXYHB6sNZIHgl f5qIOEaA5Z1vCPr6rW5i700X0gWc6cUPkgJKuTEMzy0Yo/F1J9Jsw+w0DT3kb0+j Z5Z9hakjq6gK0O3OWocStGXvpU5Ep7en6SrxJwI4zxlklMhxxRj1LkWiVL9MKBNo EmyUY/irwGEIe4SKzCud0Sm1xcxaD13mlDo+y3Tgb/tu/zRnlnoszPwvomAuUeYc bLDa5GRdKhP8pI5OLc9DjeuKmoq40azN2ixDvnWOcUdFaDD9Q8Wyr2NAjuRMw+60 Rg2Z8W1NVSlvSAs0ClePmJ0kdLoPK6jeYoXmkgCkTMC67ANnIbymqJwU09qOVkib e991kOT5yHIscVV3I8u7uY3Jb03rhYoHrRSuWLeaCf87pxk9Mdm1zZk+PAms/IyE J6zlFU4Oz3JqoyoQhV4I =JrVR -----END PGP SIGNATURE----- _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Snort Subscriber Rules Update 2026-07-14 Research via Snort-sigs (Jul 14)
