OS-WINDOWS Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt
This event is generated when Snort detects an attempt to exploit CVE-2019-1184, a vulnerability in how Windows handles COM objects.
Code execution in an elevated context
- Microsoft Windows 10 (prior to the Aug 2019 patch level)
Ease of attack
Isolate the affected system and remediate it in accordance with your organization's incident response policy. Afterward, ensure the match is update to include the most recent security updates.
- Cisco Talos Intelligence Group