Possible detection of CVE in PowerShell "Eventlog" but not in MMC RRS feed

  • Question

  • Hi everyone,

    I came across a strange problem. I was trying to build automated time tracking with PowerShell and the Eventlog when I came across this entry:

    Index              : 21538
    EntryType          : Information
    InstanceId         : 1
    Message            : Possible detection of CVE: 2020-04-06T05:06:16.347792900Z
                         Additional Information: 2020-04-06T05:06:16.347706800Z

                         This Event is generated when an attempt to exploit a known vulnerability
                         (2020-04-06T05:06:16.347792900Z) is detected.
                         This Event is raised by a User mode process.

    Category           : (5)
    CategoryNumber     : 5
    ReplacementStrings : {2020-04-06T05:06:16.347792900Z, 2020-04-06T05:06:16.347706800Z, 1,
                         \Device\HarddiskVolume3\Windows\System32\svchost.exe...}
    Source             : Microsoft-Windows-Kernel-General
    TimeGenerated      : 06.04.2020 07:06:16
    TimeWritten        : 06.04.2020 07:06:16
    UserName           : NT AUTHORITY\LOCAL SERVICE

    This does not sound like a good message, so I tried to find this entry in the System Log. But it is not there. (Also not as local admin of the machine).

    Anyone else with this problem?

    The system was patched within the same week the patch came out, if this refers to CVE-2020-0601.

    Best regards

    Stephan


    Monday, April 6, 2020 6:29 AM

All replies