Think you have a false positive on this rule?

Sid 1-48370

Message

BROWSER-IE Microsoft Internet Explorer DirectX information disclosure attempt

Summary

This event is generated when an attempt to exploit a DirectX vulnerability on Internet Explorer is detected.

Impact

High

CVE-2018-8563:

CVSS base score 5.5

CVSS impact score 3.6

CVSS exploitability score 1.8

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2018-8563: An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.

Affected systems

  • microsoft windows_7 -
  • microsoft windows_8.1 -
  • microsoft windowsrt8.1 -
  • microsoft windowsserver2008 r2
  • microsoft windowsserver2012 -
  • microsoft windowsserver2012 r2

Ease of attack

Simple

False positives

N/a

False negatives

N/A

Corrective action

Apply the latest patch available for the affected systems.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8563