Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This category does not cover browser traffic or other software running on the OS; it covers attacks against the OS itself.

Alert Message

OS-WINDOWS Microsoft Windows DirectX kernel memory leak attempt

Rule Explanation

This rule looks for attempts to exploit Microsoft Windows DirectX that could lead to privilege escalation.

What To Look For

This rule alerts when an attacker attempts to deliver shellcode that can be used to exploit a Microsoft Windows DirectX vulnerability.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic: Privilege Escalation

Technique: Access Token Manipulation

For reference, see the MITRE ATT&CK tactics and techniques here: https://attack.mitre.org

CVE Additional Information

CVE-2020-0690
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
Details

Severity: HIGH
Base Score: 10.0
Impact Score: 10.0
Exploit Score: 10.0
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Authentication: NONE
Ease of Access: LOW