Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)

Alert Message

OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt

Rule Explanation

This event is generated when a specially crafted executable designed to exploit CVE-2020-0657 is detected. Impact: Privilege escalation Details: Ease of Attack: Medium

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

CVE Additional Information

CVE-2020-0657
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
Details
SeverityMEDIUM Base Score4.6
Impact Score6.4 Exploit Score3.9
Confidentiality ImpactPARTIAL Integrity ImpactPARTIAL
Availability ImpactPARTIAL Access VectorLOCAL
AuthenticationNONE Ease of AccessLOW
CVE-2020-0658
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
Details
SeverityLOW Base Score2.1
Impact Score2.9 Exploit Score3.9
Confidentiality ImpactPARTIAL Integrity ImpactNONE
Availability ImpactNONE Access VectorLOCAL
AuthenticationNONE Ease of AccessLOW