OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)
OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt
This rule is looking for multiple SMB2_SET_INFO requests that fit several parameters in a very short period of time.
What To Look For
This rule alerts on exploit traffic from an attacker.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Tactic: Initial Access
Technique: External Remote Services
For reference, see the MITRE ATT&CK vulnerability types here:
Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE Additional Information