Snort mailing list archives

Snort Subscriber Rules Update 2026-07-14


From: Research via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 14 Jul 2026 19:46:01 +0000 (GMT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2026-49170:
A coding deficiency exists in Microsoft Windows StateRepository API
Server file that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66738 through 66739,
Snort 3: GID 1, SID 301557.

Microsoft Vulnerability CVE-2026-49795:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66740 through 66741,
Snort 3: GID 1, SID 301558.

Microsoft Vulnerability CVE-2026-49798:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66760 through 66761,
Snort 3: GID 1, SID 301567.

Microsoft Vulnerability CVE-2026-49805:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66734 through 66735,
Snort 3: GID 1, SID 301555.

Microsoft Vulnerability CVE-2026-50327:
A coding deficiency exists in Microsoft Windows Media that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66748 through 66749,
Snort 3: GID 1, SID 301561.

Microsoft Vulnerability CVE-2026-50329:
A coding deficiency exists in Microsoft DWM Core Library that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66762 through 66763,
Snort 3: GID 1, SID 301568.

Microsoft Vulnerability CVE-2026-50332:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66768 through 66769,
Snort 3: GID 1, SID 301571.

Microsoft Vulnerability CVE-2026-50343:
A coding deficiency exists in Microsoft Install Service that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66742 through 66743,
Snort 3: GID 1, SID 301559.

Microsoft Vulnerability CVE-2026-50351:
A coding deficiency exists in Microsoft Windows Audio Compression
Manager (ACM) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66750 through 66751,
Snort 3: GID 1, SID 301562.

Microsoft Vulnerability CVE-2026-50375:
A coding deficiency exists in Microsoft DirectX Graphics Kernel that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66754 through 66755,
Snort 3: GID 1, SID 301564.

Microsoft Vulnerability CVE-2026-50387:
A coding deficiency exists in Microsoft Windows GDI that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66764 through 66765,
Snort 3: GID 1, SID 301569.

Microsoft Vulnerability CVE-2026-50390:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66803 through 66804,
Snort 3: GID 1, SID 301582.

Microsoft Vulnerability CVE-2026-50420:
A coding deficiency exists in Microsoft HTTP.sys that may lead to an
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66746 through 66747,
Snort 3: GID 1, SID 301560.

Microsoft Vulnerability CVE-2026-50423:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66756 through 66757,
Snort 3: GID 1, SID 301565.

Microsoft Vulnerability CVE-2026-50433:
A coding deficiency exists in Microsoft Windows Media that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66758 through 66759,
Snort 3: GID 1, SID 301566.

Microsoft Vulnerability CVE-2026-50436:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66766 through 66767,
Snort 3: GID 1, SID 301570.

Microsoft Vulnerability CVE-2026-50454:
A coding deficiency exists in Microsoft Windows User Interface Core
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66784 through 66785,
Snort 3: GID 1, SID 301579.

Microsoft Vulnerability CVE-2026-50475:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66736 through 66737,
Snort 3: GID 1, SID 301556.

Microsoft Vulnerability CVE-2026-50476:
A coding deficiency exists in Microsoft Windows Network Connections
Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66770 through 66771,
Snort 3: GID 1, SID 301572.

Microsoft Vulnerability CVE-2026-50489:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66772 through 66773,
Snort 3: GID 1, SID 301573.

Microsoft Vulnerability CVE-2026-50518:
A coding deficiency exists in Microsoft Windows DHCP Server that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 66745,
Snort 3: GID 1, SID 66745.

Microsoft Vulnerability CVE-2026-50522:
A coding deficiency exists in Microsoft SharePoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66791 through 66792,
Snort 3: GID 1, SIDs 66791 through 66792.

Microsoft Vulnerability CVE-2026-50655:
A coding deficiency exists in Microsoft Windows Media Foundation that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66752 through 66753,
Snort 3: GID 1, SID 301563.

Microsoft Vulnerability CVE-2026-50667:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66774 through 66775,
Snort 3: GID 1, SID 301574.

Microsoft Vulnerability CVE-2026-50688:
A coding deficiency exists in Microsoft Windows Win32k that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66776 through 66777,
Snort 3: GID 1, SID 301575.

Microsoft Vulnerability CVE-2026-54114:
A coding deficiency exists in Microsoft Windows Win32k that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66778 through 66779,
Snort 3: GID 1, SID 301576.

Microsoft Vulnerability CVE-2026-54986:
A coding deficiency exists in Microsoft Windows Win32k that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66780 through 66781,
Snort 3: GID 1, SID 301577.

Microsoft Vulnerability CVE-2026-54992:
A coding deficiency exists in Microsoft Message Queuing Queue Manager
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 66733,
Snort 3: GID 1, SID 66733.

Microsoft Vulnerability CVE-2026-56164:
A coding deficiency exists in Microsoft SharePoint Server that may lead
to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66782 through 66783,
Snort 3: GID 1, SID 301578.

Microsoft Vulnerability CVE-2026-56188:
A coding deficiency exists in Microsoft Windows Server Network driver
that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 66793,
Snort 3: GID 1, SID 66793.

Microsoft Vulnerability CVE-2026-57091:
A coding deficiency exists in Microsoft Windows File History Service
that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66800 through 66801,
Snort 3: GID 1, SID 301581.

Microsoft Vulnerability CVE-2026-58531:
A coding deficiency exists in Microsoft Windows SMB that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 66807,
Snort 3: GID 1, SID 66807.

Microsoft Vulnerability CVE-2026-58536:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 66805 through 66806,
Snort 3: GID 1, SID 301583.

Microsoft Vulnerability CVE-2026-58631:
A coding deficiency exists in Microsoft Windows Admin Center (WAC) that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SID 66802,
Snort 3: GID 1, SID 66802.

Talos has added and modified multiple rules in the file-multimedia,
malware-cnc, malware-other, os-windows, policy-other and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.


For a complete list of new and modified rules please see:

https://www.snort.org/advisories
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJqVpH5AAoJEHB/DbSAg2dxN4kP/A+NTo63GmBdzThWCBn0qo7V
62bi01Y/YksY8hEVjMeRgZCJieVoXXwpDe+QcxASi+RoX0RZXFjPs91cs7q93So/
Uk9RPYbboJTT1GuZUGdPE7hhHtF+UE8HnWDegjPa4VU459GXUCE3CP3pxLBFdG6i
bliXiXaaWwbb8XDnDbS9g1W6aZyq6Rh7E6Pk3KIg9soFQ7Wt6qSe6RkDYYT2qS2w
o+C/mv8Pg/vv4eQj92M78zse9BQQO2D39WDIMWJg/HnF7rRzu0/WXYHB6sNZIHgl
f5qIOEaA5Z1vCPr6rW5i700X0gWc6cUPkgJKuTEMzy0Yo/F1J9Jsw+w0DT3kb0+j
Z5Z9hakjq6gK0O3OWocStGXvpU5Ep7en6SrxJwI4zxlklMhxxRj1LkWiVL9MKBNo
EmyUY/irwGEIe4SKzCud0Sm1xcxaD13mlDo+y3Tgb/tu/zRnlnoszPwvomAuUeYc
bLDa5GRdKhP8pI5OLc9DjeuKmoq40azN2ixDvnWOcUdFaDD9Q8Wyr2NAjuRMw+60
Rg2Z8W1NVSlvSAs0ClePmJ0kdLoPK6jeYoXmkgCkTMC67ANnIbymqJwU09qOVkib
e991kOT5yHIscVV3I8u7uY3Jb03rhYoHrRSuWLeaCf87pxk9Mdm1zZk+PAms/IyE
J6zlFU4Oz3JqoyoQhV4I
=JrVR
-----END PGP SIGNATURE-----

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!


Current thread: