Sid 1-48407

Message

FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt

Summary

This event is generated when an attempt to cause memory corruption in Outlook 2016 is detected.

Impact

High

Detailed information

A memory corruption vulnerability has been identified in Outlook 2016. It can be exploited to achieve remote code execution (RCE).

Affected systems

  • Microsoft Outlook 2016

Ease of attack

Simple

False positives

N/A

False negatives

N/A

Corrective action

Apply the latest available patch for Microsoft Outlook 2016.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8522