Sid 1-52233

Message

OS-WINDOWS Microsoft Windows Win32k kernel information disclosure attempt

Summary

This event is generated when an attacker attempts to exploit an information disclosure vulnerability in the Windows kernel.

Impact

Information disclosure

Detailed information

Affected systems

  • Windows systems

Ease of attack

Hard

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-1436
  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1436