Sid 1-50376

Message

OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt

Summary

This event is generated when an attempt to escalate privileges through the Windows kernel win32k driver is detected.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

  • Windows 10 x64

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1065
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1065