Snort rule update for July 1, 2021

Cisco Talos released the newest SNORTⓇ ruleset overnight.

Thursday's rule update was released earlier than usual to provide immediate protection against the PrintNightmare vulnerability in Microsoft's print spooler function. Microsoft patched the vulnerability as part of June's Patch Tuesday, but PoC code appeared on GitHub this week that indicates it is more serious than initially suspected and could be used for remote code execution. 

Rules 57876 and 57877 will protect against this vulnerability.

Here's a full breakdown of today's release:

.tg {border-collapse:collapse;border-spacing:0;} .tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; overflow:hidden;padding:10px 5px;word-break:normal;} .tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;} .tg .tg-6p4y{border-color:#efefef;font-weight:bold;text-align:left;vertical-align:top} .tg .tg-li6d{border-color:#efefef;text-align:center;vertical-align:top}
Shared object rules Modified shared object rules New rules Modified rules
0 6 1

There were no changes made to the snort.conf in this release.
Talos' rule release:

[SID] 57876-57877 are being released to cover the exploitation of CVE-2021-1675 in the wild.

Talos has added and modified multiple rules in the malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.