Sid 1-49754

Message

OS-WINDOWS Microsoft Windows Kernel information disclosure attempt

Summary

This event is generated when an attempt to disclose sensitive information from the Windows Kernel is observed.

Impact

Potential Kernel Information Leak

Detailed information

Affected systems

  • Microsoft Windows

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0844