FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.
FILE-OTHER Microsoft Windows Common Log Files System driver privilege escalation attempt
This rule is looking for BLF files that trigger the vulnerability outlined in CVE-2020-17088.
This rule alerts on initial exploit traffic.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Escalation of Privilege
An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.
CVE-2020-17088 |
Loading description
|
Tactic: Execution
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org