Think you have a false positive on this rule?

Sid 1-50999

Message

FILE-OFFICE Microsoft Office Outlook memory corruption attempt

Summary

This event is generated when an Microsoft Office Outlook 365 memory corruption attempt is detected.

Impact

Attempted User Privilege Gain

Detailed information

Affected systems

  • Windows 10 x64 and Outlook 365

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1199
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1199