Rule Category
OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This category covers attacks against the OS itself, not browser traffic or other software running on the OS.
Alert Message
OS-WINDOWS Microsoft Windows Remote Access Connection Manager elevation of privilege attempt
Rule Explanation
This rule looks for bytes in a file that would elevate privileges on a Windows system.
What To Look For
This rule fires on attempts to exploit a privilege escalation vulnerability in Microsoft Windows.
Known Usage
No public information
False Positives
No known false positives
Contributors
Cisco Talos Intelligence Group
Rule Groups
MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.
T1204.002
MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Exploitation for Privilege Escalation
Privilege escalation includes techniques that allow an attacker to obtain a higher level of permissions on the mobile device. Attackers may enter the mobile device with very limited privileges and may be required to take advantage of a device weakness to obtain higher privileges necessary to successfully carry out their mission objectives.
T1068
Rule Vulnerability
Escalation of Privilege
An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.
CVE Additional Information
This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2024-26211