Sid 1-51445

Message

OS-WINDOWS Microsoft Windows privilege escalation attempt

Summary

This event is generated when an executable designed to exploit CVE-2019-1215 is detected.

Impact

Privilege escalation

Detailed information

Affected systems

  • Microsoft Windows 7 (32-bit)

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Isolate the affected system and remediate it in accordance with your organization's incident response policy. Afterward, ensure all available security updates have been installed.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1215
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215