OS-WINDOWS Microsoft Windows Win32k SendMessageTimeout kernel information leak attempt
This event is generated when an attacker attempts to leak kernel memory via a vulnerability in Microsoft Windows' Win32k driver.
Attempted Administrator Privilege Gain
This rule checks for attempts to leak kernel memory via a vulnerability in Microsoft Windows' Win32k driver.
Ease of attack
- Cisco Talos Intelligence Group