Sid 1-52226


OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt


This event is generated when a specially created executable designed to exploit a privilege escalation flaw in Win32k is detected.


Privilege escalation

Detailed information

Affected systems

  • Please refer to Microsoft's vulnerability advisory for a complete list of affected systems.

Ease of attack


False positives

None known

False negatives

None known

Corrective action

Isolate the targeted system and remediate it in accordance with your organization's incident response policy.


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1408