Sid 1-46601

Message

FILE-OFFICE Microsoft Outlook use-after-free vulnerability attempt

Summary

This event is generated when an attempt to exploit a use-after-free vulnerability in Outlook 2013 or 2016 is detected.

Impact

Attempted Administrator Privilege Gain

Detailed information

Successful exploitation of this vulnerability could result in remote code execution.

Affected systems

  • Microsoft Outlook 2013 and 2016

Ease of attack

Simple

False positives

N/A

False negatives

N/A

Corrective action

Upgrade to the fixed version of Microsoft Outlook.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8161