Snortmailing list archives

By Date

By Thread

Snort Subscriber Rules Update 2025-04-08

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1Talos Snort Subscriber Rules UpdateSynopsis:Talos is aware of vulnerabilities affecting products from MicrosoftCorporation.Details:Microsoft Vulnerability CVE-2025-21247:A coding deficiency exists in Microsoft MapUrlToZone that may lead tosecurity feature bypass.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SIDs 64652 through 64653,Snort 3: GID 1, SID 301162.Microsoft Vulnerability CVE-2025-24035:A coding deficiency exists in Microsoft Windows Remote Desktop Servicesthat may lead to remote code execution.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SID 64432,Snort 3: GID 1, SID 64432.Microsoft Vulnerability CVE-2025-24045:A coding deficiency exists in Microsoft Windows Remote Desktop Servicesthat may lead to remote code execution.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SID 64432,Snort 3: GID 1, SID 64432.Microsoft Vulnerability CVE-2025-24066:A coding deficiency exists in Microsoft Kernel Streaming Service Driverthat may lead to an escalation of privilege.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SIDs 64658 through 64659,Snort 3: GID 1, SID 301164.Microsoft Vulnerability CVE-2025-24067:A coding deficiency exists in Microsoft Kernel Streaming Service Driverthat may lead to an escalation of privilege.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SIDs 64660 through 64661,Snort 3: GID 1, SID 301165.Microsoft Vulnerability CVE-2025-24983:A coding deficiency exists in Microsoft Windows Win32 Kernel Subsystemthat may lead to an escalation of privilege.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SIDs 64656 through 64657,Snort 3: GID 1, SID 301163.Microsoft Vulnerability CVE-2025-24985:A coding deficiency exists in Microsoft Windows Fast FAT File SystemDriver that may lead to remote code execution.Rules to detect attacks targeting these vulnerabilities are included inthis release and are identified with:Snort 2: GID 1, SIDs 64662 through 64663,Snort 3: GID 1, SID 301166.Talos has added and modified multiple rules in the  and server-webapprule sets to provide coverage for emerging threats from thesetechnologies.For a complete list of new and modified rules please see:https://www.snort.org/advisories-----BEGIN PGP SIGNATURE-----iQIcBAEBAgAGBQJn9W0uAAoJEHB/DbSAg2dxByoP/3YI0narRC5GjMbx6ZUG8psbatbKANXG2GAfXSH3SQCvWI7VCMHviFc05jL4bgsmVony3t6sNIPWmP8hA0Z2S14Wrslic+wfoJ+9zdx89xzJQw6quNgYqRIO/IPRuHg0LkfHJF3omK+FWJiEupaap4gZxTCLjXTW7EGgbu2CiaFD2thaufjQTKlLLNfx9X49r0EkqjbjSFJ1W6E+2W/M4OgkE4g6Ih9qQAwUzAxXM7zNscATcj8nL7KpALf6b4rxfg++FWFaNKY1Rc73vhl7hvJxHWN+F6gysKx5CV5y+QI5N2ZCYsHEGrfUNVjNm12jBYHYH4j5nPJn8zkx0Xzs0DerW5lqwo0FXqMds4ia05FFygpOyDVvSEf7fyw3IrnqovxWtuvijXu6TOhKThF8qsaHm6FvAoucHQVhNjTA0nIWoNIEGWXe92WBYhZ6Pd42vZQujuSKJWMSHlJx7hY2FnVaVpA90fIC0Ri86iAUarhpB/ds/nAvphl6N5NTisfRhpaXinqw/sz4ZIpDuZBiFr9iMBiquS9p+Yzhz6vRpT253vEYD0Nxslm+rQ0XxQlS6+X3jE5ZvXE58tXrAfTwi6cqWRaW1OlqTd7epQkCoi9GppWNcrIiJWwxPYhuadYquM5TXTk3GIBjxylC5wCOlKdTpSIhdx2KRGP4TFYRKMWP=vrw4-----END PGP SIGNATURE-----_______________________________________________Snort-sigs mailing listSnort-sigs () lists snort orghttps://lists.snort.org/mailman/listinfo/snort-sigsPlease visithttp://blog.snort.org for the latest news about Snort!Please follow these rules:https://snort.org/faq/what-is-the-mailing-list-etiquetteVisit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href="https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

By Date

By Thread

Current thread:

• Snort Subscriber Rules Update 2025-04-08Research via Snort-sigs (Apr 08)