Sid 1-49160

Message

OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt

Summary

This event is generated when an attempt is made to exploit a privilege escalation vulnerability in the Microsoft Windows Win32k kernel-mode driver (the advisory referenced below is CVE-2019-0656). Successful exploitation would allow a local, low-privileged user to run code with elevated privileges.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0656