Spotting CVE-2015-1769 Exploit via Event Log

[x BlueRobot]

Microsoft have generated a Event log entry which can be used to indicate that the mentioned exploit is attempted to used by an attacker. The following is an extract from the Microsoft TechNet blog:

As part of the update, we are also shipping an event log to help defenders detect attempts to use this vulnerability on their systems. The event log will be triggered every time a malicious USB that relies on this vulnerability, is mounted on the system. If such an event is recorded, it means that attempt to exploit the vulnerability is blocked. So once the update is installed, companies auditing event logs will be able to use this as detection mechanism.

Source: Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick - Security Research & Defense - Site Home - TechNet Blogs