Rule Library
Sigma Rules
3 rules found for "CVE-2021-41379"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | critical | test
InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file
Windows | File Event
Florian Roth (Nextron Systems) | Mon Nov 22 2021
Emerging Threat | critical | test
Potential CVE-2021-41379 Exploitation Attempt
Detects potential exploitation attempts of CVE-2021-41379 (InstallerFileTakeOver), a local privilege escalation (LPE) vulnerability where the attacker spawns a "cmd.exe" process as a child of Microsoft Edge elevation service "elevation_service" with "LOCAL_SYSTEM" rights
Windows | Process Creation
Florian Roth (Nextron Systems) | Mon Nov 22 2021
Emerging Threat | high | test
LPE InstallerFileTakeOver PoC CVE-2021-41379
Detects PoC tool used to exploit LPE vulnerability CVE-2021-41379
Windows | application
Florian Roth (Nextron Systems) | Mon Nov 22 2021