Think you have a false positive on this rule?

Sid 1-50199


OS-WINDOWS Windows DACL privilege escalation attempt


This event is generated when an attacker attempts to exploit CVE-2019-0841.


Attempted User Privilege Gain

Detailed information

An attacker who abuses this vulnerability could potentially gain access to sensitive system files, which could lead to escalation of privileges or further abuse of an already compromised system.

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Investigate host for potential compromise and perform remediation actions per company policy.


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-0841
  • CVE-2019-1064
  • CVE-2019-1129