Sid 1-45130

Message

OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt

Summary

This event is generated when an attacker attempts an arbitrary pointer dereference against the Windows Routing and Remote Access Service.

Impact

Potential remote code execution

Detailed information

The rule checks for an attempt to cause an arbitrary pointer dereference against Microsoft's RRAS service.

Affected systems

Ease of attack

Hard

False positives

Not known

False negatives

Not known

Corrective action

Implement the appropriate patches for this service.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11885