Detects attempted and successful exploitation of CVE-2022-26809, a remote code execution vulnerability over DCE/RPC. This package is described in detail in this Corelight blog post.

This package generates the following notices:
The first is generated when an attack is attempted but has not necessarily succeeded. The second is fired only when a successful exploit is detected and should be investigated immediately. No new logs are generated.

This package can be installed with zkg using the following commands:
    $ zkg refresh
    $ zkg install cve-2022-26809

Corelight customers can install it by updating the CVE bundle.