Rule Library

Sigma Rules

2 rules found for "CVE-2020-1048"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Suspicious PrinterPorts Creation (CVE-2020-1048)

Detects new commands that add new printer port which point to suspicious file

WindowsProcess Creation

EagleEye Team+1Wed May 132020

Emerging Threathightest

CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry

Detects changes to the "Ports" registry key with data that includes a Windows path or a file with a suspicious extension. This could be an attempt to exploit CVE-2020-1048 - a Windows Print Spooler elevation of privilege vulnerability.

WindowsRegistry Set

EagleEye Team+2Wed May 132020