This SRU number: 2025-10-13-001
Previous SRU number: 2025-10-08-001
Corresponding SEU number: 2921
Applies to:
| Total new rules | 42 |
| Total rule modifications | 6 |
| Policy change | No |
Note: Rule updates are cumulative, so you do not need to install prior updates before installing this one.
To review a cumulative list of recent feature updates and resolved issues since the last Rule Updates you imported, use the link provided from this advisory on the Sourcefire Customer Support Site.
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.
Microsoft Vulnerability CVE-2025-24052:
A coding deficiency exists in Microsoft Windows Agere Modem Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65391 through 65392, Snort 3: GID 1, SID 301325.
Microsoft Vulnerability CVE-2025-24990:
A coding deficiency exists in Microsoft Windows Agere Modem Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65391 through 65392, Snort 3: GID 1, SID 301325.
Microsoft Vulnerability CVE-2025-48004:
A coding deficiency exists in Microsoft Brokering File System that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65393 through 65394, Snort 3: GID 1, SID 301326.
Microsoft Vulnerability CVE-2025-55680:
A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter Driver that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65395 through 65396, Snort 3: GID 1, SID 301327.
Microsoft Vulnerability CVE-2025-55681:
A coding deficiency exists in Microsoft Desktop Windows Manager that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65409 through 65410, Snort 3: GID 1, SID 301334.
Microsoft Vulnerability CVE-2025-55692:
A coding deficiency exists in Microsoft Windows Error Reporting Service that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65397 through 65398, Snort 3: GID 1, SID 301328.
Microsoft Vulnerability CVE-2025-55693:
A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65401 through 65402, Snort 3: GID 1, SID 301330.
Microsoft Vulnerability CVE-2025-55694:
A coding deficiency exists in Microsoft Windows Error Reporting Service that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65403 through 65404, Snort 3: GID 1, SID 301331.
Microsoft Vulnerability CVE-2025-58722:
A coding deficiency exists in Microsoft DWM Core Library that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65399 through 65400, Snort 3: GID 1, SID 301329.
Microsoft Vulnerability CVE-2025-59194:
A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65407 through 65408, Snort 3: GID 1, SID 301333.
Microsoft Vulnerability CVE-2025-59199:
A coding deficiency exists in Microsoft Software Protection Platform (SPP) that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65405 through 65406, Snort 3: GID 1, SID 301332.
Microsoft Vulnerability CVE-2025-59287:
A coding deficiency exists in Microsoft Windows Server Update Service (WSUS) that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 65422, Snort 3: GID 1, SID 65422.
Talos has added and modified multiple rules in the file-pdf, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can view instructions for importing rule updates and SEUs on the Sourcefire Customer Support Site and in the user documentation for the Sourcefire 3D System.
Detailed instructions can be found on the Sourcefire Customer Support Site in the downloads section for each product.
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:
The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.