Tag
This rule detects suspicious processes spawned by the Microsoft Exchange Server Unified Messaging (UM) service, potentially indicating exploitation of CVE-2021-26857 and leading to unauthorized process execution and system compromise.