This event is generated when an attacker attempts to exploit a memory corruption in the Windows Kernel. Impact: Attempted Administrator Privilege Gain Details: This rule checks for attempts to exploit a NULL pointer dereference in the Windows Kernel nt!MiOffsetToProtos function. Ease of Attack:
No public information
No known false positives
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2020 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
