OS-WINDOWS Microsoft Windows PsmSrvDisconnect privilege escalation attempt
This event is generated when an executable attempting to exploit CVE-2019-1175 is detected.
Code execution with elevated privileges
- Windows 10 v1809 (build 17763.475) and earlier.
Ease of attack
Isolate the affected system and remediate it in accordance with your organization's incident response policies. Afterward, apply the latest stable security updates to your Windows installation.
- Cisco Talos Intelligence Group