Sid 1-46596

Message

OS-WINDOWS dxgkrnl.sys privilege escalation attempt

Summary

This event is generated when a DirectX driver (dxgkrnl.sys) privilege escalation is attempted on a Microsoft Windows system.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8165