Sid 1-48408

Message

FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt

Summary

This event is generated when an attempt to cause memory corruption in Outlook 2016 is detected.

Impact

High

CVE-2018-8522:

CVSS base score 7.8

CVSS impact score 5.9

CVSS exploitability score 1.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

A memory corruption vulnerability has been identified in Outlook 2016 that can be used to achieve remote code execution (RCE).

CVE-2018-8522: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.

Affected systems

  • Microsoft Office 2019
  • Microsoft Office 365 ProPlus
  • Microsoft Outlook 2010
  • Microsoft Outlook 2013
  • Microsoft Outlook 2016
  • Microsoft Outlook RT 2013

Ease of attack

Simple

False positives

N/A

False negatives

N/A

Corrective action

Apply the latest available patch for Microsoft Outlook 2016.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8522