Sigma rule to detect CVE-2021-40444 exploitation activity
- Office program with control.exe child seems to be stable enough (1 exception)
- also works for the RTF vector https://twitter.com/WLesicki/status/1435691458980352012
- control.exe + .cpl isn't good enough
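
The parent/child logic described in the post, run over constructed process-creation events. This is an added example, not the author's Sigma rule. The Office binary list, the `exceptions` parameter and all sample events are assumptions. It shows one way a match on control.exe plus .cpl alone is a weaker signal: it also fires on ordinary Control Panel use.

```python
import ntpath

# Assumption: which binaries count as an "Office program"; the post does not list them.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

def _name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def office_spawns_control(event, exceptions=()):
    """Parent/child match: an Office program starting control.exe.

    `exceptions` holds command-line substrings to ignore (hypothetical
    parameter; the post mentions one exception but does not name it).
    """
    if _name(event.get("Image")) != "control.exe":
        return False
    if _name(event.get("ParentImage")) not in OFFICE_PARENTS:
        return False
    cmd = event.get("CommandLine", "").lower()
    return not any(x.lower() in cmd for x in exceptions)

def control_with_cpl(event):
    """The weaker match: control.exe with a .cpl argument, any parent."""
    return (_name(event.get("Image")) == "control.exe"
            and ".cpl" in event.get("CommandLine", "").lower())

# Constructed process-creation events (not real telemetry).
OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
EVENTS = [
    {"id": "explorer-timedate", "Image": r"C:\Windows\System32\control.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "control.exe timedate.cpl"},
    {"id": "word-control-cpl", "Image": r"C:\Windows\System32\control.exe",
     "ParentImage": OFFICE + "WINWORD.EXE",
     "CommandLine": "control.exe sample.cpl"},
    {"id": "excel-control", "Image": r"C:\Windows\System32\control.exe",
     "ParentImage": OFFICE + "EXCEL.EXE", "CommandLine": "control.exe"},
    {"id": "word-print-helper", "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": OFFICE + "WINWORD.EXE", "CommandLine": "splwow64.exe 8192"},
]

def triage(events, exceptions=()):
    """Map event id -> (parent/child hit, control.exe + .cpl hit)."""
    return {e["id"]: (office_spawns_control(e, exceptions), control_with_cpl(e))
            for e in events}

if __name__ == "__main__":
    for event_id, hits in triage(EVENTS).items():
        print(event_id, hits)
```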