INDICATOR-COMPROMISE Microsoft Windows Remote Desktop client heap spray attempt
This event is generated when an attacker attempts to exploit a remote code execution vulnerability in the Remote Desktop client.
Attempted User Privilege Gain
This rule checks for heap spray attempts against Microsoft Windows Remote Desktop clients.
Ease of attack
- Cisco Talos Intelligence Group