Sid 1-47476

Message

FILE-OTHER Microsoft LNK remote code execution attempt

Summary

This event is generated when LNK file-based remote code execution is attempted on Windows systems.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

  • Windows Systems

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8345