diff --git a/rules/windows/builtin/system/win_vul_cve_2021_42278_or_cve_2021_42287.yml b/rules/windows/builtin/system/win_vul_cve_2021_42278_or_cve_2021_42287.yml
index cef7ef843..fe76fdee3 100644
--- a/rules/windows/builtin/system/win_vul_cve_2021_42278_or_cve_2021_42287.yml
+++ b/rules/windows/builtin/system/win_vul_cve_2021_42278_or_cve_2021_42287.yml
@@ -30,7 +30,7 @@ fields:
     - samAccountName
 falsepositives:
     - Unknown 
-level: high
+level: medium
 tags:
     - attack.credential_access
-    - attack.t1558.003 
\ No newline at end of file
+    - attack.t1558.003