Sid 1-49131

Message

BROWSER-IE Microsoft Edge type confusion exploit attempt

Summary

This event is generated when a specially crafted web page designed to exploit CVE-2019-0593 is detected.

Impact

Remote code execution in context of current user via Microsoft Edge

Detailed information

Affected systems

  • Microsoft Edge on Windows 10 v1809

Ease of attack

Simple

False positives

None known

False negatives

None known

Corrective action

Isolate the affected system and determine whether all security updates have been applied. If not, remediate the system in accordance with your organization's incident response policy.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0593