Sid 1-52226

Message

OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt

Summary

This event is generated when a specially crafted executable designed to exploit a privilege escalation vulnerability in Win32k is detected.

Impact

Privilege escalation

Detailed information

Affected systems

  • Please refer to Microsoft's vulnerability advisory for a complete list of affected systems.

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Isolate the targeted system and remediate it in accordance with your organization's incident response policy.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1408
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1408