CVE-2020-1048
2 Rules
1 References
1 Folders
2024-03-25 Latest
Summary
CVE-2020-1048 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2020. Coverage centers on windows / process_creation, windows / registry_set.
Related Detections
Emerging Threat · high · test
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
Detects changes to the "Ports" registry key with data that includes a Windows path or a file with a suspicious extension. This could be an attempt to exploit CVE-2020-1048 - a Windows Print Spooler elevation of privilege vulnerability.
Windows · Registry Set
TA0003 · Persistence; TA0002 · Execution; TA0005 · Stealth; T1112 · Modify Registry; +2
EagleEye Team +2 · Wed May 13 2020
Emerging Threat · high · test
Suspicious PrinterPorts Creation (CVE-2020-1048)
Detects new commands that add a new printer port which points to a suspicious file.
Windows · Process Creation
TA0003 · Persistence; TA0002 · Execution; T1059.001 · PowerShell; cve.2020-1048; +1
EagleEye Team +1 · Wed May 13 2020
References