Think you have a false positive on this rule?

Sid 1-45902

Message

OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt

Summary

This event is generated when Windows Desktop Bridge privilege escalation attempt.

Impact

Attempted Administrator Privilege Gain

CVE-2018-0880:

CVSS base score

CVSS impact score

CVSS exploitability score

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed information

CVE-2018-0880: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882.

Affected systems

Ease of attack

CVE-2018-0880:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0880