Sid 1-51463

Message

OS-WINDOWS Microsoft Windows elevation of privilege attempt

Summary

This event is generated when an attacker attempts to exploit a local elevation of privilege vulnerability in Microsoft Windows.

Impact

Elevation of privilege

Detailed information

Null dereference vulnerability that leads to elevation of privilege

Affected systems

  • Microsoft Windows

Ease of attack

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1256
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1256