Rule Document 1:301368

Report a false positive

Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)

Alert Message

OS-WINDOWS Microsoft Windows Desktop Windows Manager information disclosure attempt

Rule Explanation

This rule looks for bytes known to be specific to files that are intended to exploit an information disclosure vulnerability in the Microsoft Windows operating system.

What To Look For

This rule looks for attempts to exploit an information disclosure vulnerability in the Microsoft Windows operating system.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File

Rule Categories::Operating Systems::Windows

MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Exploitation for Privilege Escalation

CVE

CVE-2026-20805

Additional Links

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

Rule Vulnerability

Information Leak

Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2026-20805
 Loading description