Sid 1-49692

Message

OS-WINDOWS Microsoft Windows LUAFV driver privilege escalation attempt

Summary

This event is generated when an attacker attempts to exploit a privilege escalation vulnerability in the Microsoft LUAFV driver.

Impact

Attempted User Privilege Gain

Detailed information

This rule checks for attempts to exploit a privilege escalation vulnerability in the Microsoft LUAFV driver.

Affected systems

Ease of attack

False positives

Not known

False negatives

Not known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0730