Sid 1-46935

Message

OS-WINDOWS Microsoft Windows DNSAPI remote code execution attempt

Summary

This event is generated when an attacker attempts to exploit a vulnerability in the Windows DNSAPI to achieve remote code execution on Windows systems.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

  • Windows 10

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8225