Think you have a false positive on this rule?

Sid 1-47091

Message

BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt

Summary

This event is generated when an attacker attempts to exploit an Internet Explorer sandbox escape vulnerability.

Impact

Attempted User Privilege Gain

Detailed information

Rule checks for attempts to exploit an Internet Explorer sandbox escape vulnerability.

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Implement the patches described here: url,portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0949.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0949