microsoft-windows_audit_cve | Detection.FYI

Audit CVE Event

Aug 12, 2024 · attack.execution attack.t1203 attack.privilege-escalation attack.t1068 attack.defense-evasion attack.t1211 attack.credential-access attack.t1212 attack.lateral-movement attack.t1210 attack.impact attack.t1499.004 ·
Share on:

Detects events generated by user-mode applications when they call the CveEventWrite API when a known vulnerability is trying to be exploited. MS started using this log in Jan. 2020 with CVE-2020-0601 (a Windows CryptoAPI vulnerability. Unfortunately, that is about the only instance of CVEs being written to this log.

Read More