FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.
FILE-OTHER Microsoft Powershell XML instantiation constrained language mode bypass attempt
This event is generated when a PowerShell script designed to bypass Windows Device Guard policy traverses the corporate network.
Impact: Attempted User Privilege Gain
Details: The potential vulnerability is a Constrained Language Mode bypass in PowerShell v5.0+ via XML/XSL COM instantiation and transformation. This can lead to bypassing Device Guard when it is enforced by policy.
Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-8492