Rule Category

FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.

Alert Message

FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt

Rule Explanation

This event is generated when WER arbitrary file move Elevation of Privilege is attempted Impact: Attempted Administrator Privilege Gain Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2019-1315
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
Details
SeverityHIGH Base Score7.2
Impact Score10.0 Exploit Score3.9
Confidentiality ImpactCOMPLETE Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE Access VectorLOCAL
AuthenticationNONE Ease of AccessLOW