Think you have a false positive on this rule?

Sid 1-51014

Message

OS-WINDOWS Microsoft Windows privilege escalation attempt

Summary

This event is generated when a file containing a Microsoft Windows privilege escalation attempt is detected.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

Windows 10 1809 x64

Ease of attack

False positives

False negatives

Corrective action

Contributors

Cisco Talos Intelligence Group

Additional References

CVE-2019-1173
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1173

©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.

Privacy Policy | Snort License | FAQ | Sitemap

Follow us on twitter