Sid 1-45649

Message

OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt

Summary

This event is generated when an attempt to exploit CVE-2018-0742 is detected.

Impact

Attempted User Privilege Gain

Detailed information

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Investigate the host for possible compromise. Apply the necessary patches and upgrade the system as soon as possible.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0742