Rule Document 1:301374

Report a false positive

Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)

Alert Message

OS-WINDOWS Microsoft Windows Error Reporting Service privilege escalation attempt

Rule Explanation

This rule looks for attempts to exploit a vulnerability in the Windows Error Reporting Service in windows. Attackers who abuse this may be able to leak sensitive information and/or gain a further foothold on an exploited system.

What To Look For

This rule looks for attempts to exploit an escalation of privilege on Microsoft Windows.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File

Rule Categories::File::Executable

MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Exploitation for Privilege Escalation

CVE

CVE-2026-20817

Additional Links

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20817

Rule Vulnerability

Escalation of Privilege

An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2026-20817
 Loading description