FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.
FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt
This event is generated when WER arbitrary file move Elevation of Privilege is attempted Impact: Attempted Administrator Privilege Gain Details: Ease of Attack:
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2019-1315An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. |
|