How To Identify And Block CVE-2021-41379 Using Only Endpoint
…Application Event Log with a package name of ‘test pkg.msi’.

Using a YML file to add detection to your environment of preference:

https://github.com/SigmaHQ/sigma/blob/497a9d9e2adde6b46b8870406ced239a6752f729/rules/windows/file_event/file_event_cve_2021_41379_msi_lpe.yml
https://github.com/SigmaHQ/sigma/blob/497a9d9e2adde6b46b8870406ced239a6752f729/rules/windows/process_creation/win_exploit_lpe_cve_2021_41379.yml
https://github.com/SigmaHQ/sigma/blob/db03d08b1105f33de763187da7681725ba70accd/rules/windows/builtin/win_vul_cve_2021_41379.yml

Mitigating the attack using AppLocker…
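As an added example (not code from the post or from SigmaHQ), a small Python scanner that applies the same Application Event Log indicator to exported Windows Event XML records: it scopes to the MsiInstaller provider and flags any <Data> field naming ‘test pkg.msi’. The sample records, including their event IDs, are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by every exported Windows Event XML record.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Package name the post says the exploit leaves in the Application log,
# anchored to a path separator so "mytest pkg.msi" does not match.
SUSPECT_PACKAGE = re.compile(r"(?:^|[\\/])test pkg\.msi\b", re.IGNORECASE)

# Constructed sample records (not real telemetry): PoC, benign, non-MsiInstaller.
SAMPLE_RECORDS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="MsiInstaller"/><EventID>1040</EventID></System>
  <EventData><Data>Beginning a Windows Installer transaction: C:\Users\alice\AppData\Local\Temp\test pkg.msi. Client Process Id: 4242.</Data></EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="MsiInstaller"/><EventID>1033</EventID></System>
  <EventData><Data>Product: Contoso Reader -- Installation completed successfully.</Data></EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Application Error"/><EventID>1000</EventID></System>
  <EventData><Data>Faulting application path: C:\Temp\test pkg.msi</Data></EventData>
</Event>""",
]

def parse_event(xml_text: str) -> dict:
    """Extract provider name, event id and all <Data> strings from one record."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS).get("Name", "")
    event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    return {"provider": provider, "event_id": event_id, "data": data}

def suspect_field(event: dict):
    """Return the <Data> string naming the PoC package, or None.
    Scoped to MsiInstaller so unrelated events quoting the name do not fire."""
    if event["provider"] != "MsiInstaller":
        return None
    return next((f for f in event["data"] if SUSPECT_PACKAGE.search(f)), None)

def scan(records) -> list:
    """Return (event_id, matching field) for every record worth alerting on."""
    hits = []
    for rec in records:
        ev = parse_event(rec)
        field = suspect_field(ev)
        if field is not None:
            hits.append((ev["event_id"], field))
    return hits
```

Running `scan(SAMPLE_RECORDS)` returns only the first record; the third mentions the file name but comes from a different provider and is deliberately ignored.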