Sid 1-50365

Message

OS-WINDOWS Microsoft Windows DComposition privilege escalation attempt

Summary

This event is generated when a specially crafted Windows executable designed to exploit CVE-2019-1041 is detected.

Impact

Privilege escalation

Detailed information

Affected systems

  • Windows 10 systems prior to application of the 2019-06 Security Update

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Isolate the affected systems and remediate them in accordance with your organization's incident response policy.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1041
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1041