OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This category does not cover browser traffic or other software running on the OS, only attacks against the OS itself.
OS-WINDOWS Microsoft Windows 10 Win32k driver elevation of privileges attempt
This rule checks for the transfer of a malicious EXE file that attempts to exploit a Win32 kernel driver in Windows 10.
What To Look For
This rule detects potential attempts to exploit a kernel driver in Windows 10 via a maliciously crafted executable file.
No public information
No known false positives
Cisco Talos Intelligence Group