Sid 1-50966


OS-WINDOWS Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt


This event is generated when Snort detects an attempt to exploit CVE-2019-1184, a vulnerability in how Windows handles COM objects.


Code execution in an elevated context

Detailed information

Affected systems

  • Microsoft Windows 10 (prior to the Aug 2019 patch level)

Ease of attack


False positives

None known

False negatives

None known

Corrective action

Isolate the affected system and remediate it in accordance with your organization's incident response policy. Afterward, ensure the machine is updated to include the most recent security updates.


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1184