The latest SNORT rule update is available this morning, including new coverage for the recently disclosed zero-day vulnerability in Microsoft MSHTML.
Users are encouraged to deploy SIDs 58120 – 58129 to detect and prevent the exploitation of CVE-2021-40444, which Microsoft disclosed earlier this week. If an adversary were to successfully exploit this vulnerability, they could remotely execute code on the victim machine or gain complete control. The Microsoft advisory also stated that proof-of-concept code for this vulnerability is available in the wild.
Here's a full breakdown of this rule update:

| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 1 | 0 | 19 | 2 |