OS-WINDOWS Microsoft Windows RDP client buffer overflow attempt
This event is generated when an attacker attempts to exploit a remote code execution in the Microsoft Windows RDP client.
Attempted User Privilege Gain
This rule checks for attempts to exploit a remote code execution in the Microsoft Windows RDP client when handling Server Redirection packets.
Ease of attack
- Cisco Talos Intelligence Group