Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt

Rule Explanation

This rule looks for HTTP requests being sent to the Windows Admin Center that could indicate potential attempts to exploit a vulnerability that allows for arbitrary command execution.

What To Look For

This rule fires on potential attempts to exploit a vulnerability in the Windows Admin Center.

Known Usage

No public information

False Positives

Known false positives, with the described conditions

This rule may alert on legitimate usage of certain Windows Admin Center functionality, and so network administrators should investigate all events to determine maliciousness.

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Operating Systems::Windows

Rule Categories::Policy::Other

CVE

Additional Links

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2026-58631
Loading description