In a detailed incident analysis, the CrowdStrike Falcon Complete managed detection and response team demonstrated its effectiveness in identifying, triaging, and containing the active exploitation of a remote code execution (RCE) vulnerability across multiple customer environments. The incident began with the detection of anomalous behavior on a web server, where the Internet Information Services (IIS) worker process initiated unexpected command executions, indicating potential exploitation by a threat actor. The CrowdStrike Falcon sensor's early detection allowed the team to quickly isolate the affected systems using the "Network contain" feature, preventing further malicious activity. On investigation, the team found that the attacks targeted Kentico CMS web content management systems and exploited a known vulnerability (CVE-2019-10068) in the Staging Service component. The timely containment and investigation protected the vulnerable systems from further exploitation without disrupting customer operations, underscoring the importance of proactive monitoring and patch management in mitigating such threats.
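The triggering behavior described above, an IIS worker process launching command interpreters, can be hunted for in process-creation telemetry. The following is an added example, not code from CrowdStrike or the Falcon sensor. It assumes events shaped like Sysmon process-creation records (`Computer`, `Image`, `ParentImage`, `CommandLine`); the interpreter list, host names and sample events are constructed for illustration.

```python
import ntpath
from collections import defaultdict

IIS_WORKER = "w3wp.exe"  # image name of the IIS worker process
# Assumption: interpreters a web worker has no routine reason to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe",
                       "cscript.exe", "wscript.exe"}


def image_name(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip('"')).lower()


def find_iis_spawned_shells(events):
    """Group events where w3wp.exe is the parent of a command interpreter, by host."""
    hits = defaultdict(list)
    for ev in events:
        if image_name(ev.get("ParentImage", "")) != IIS_WORKER:
            continue
        if image_name(ev.get("Image", "")) in SUSPICIOUS_CHILDREN:
            hits[ev.get("Computer", "unknown")].append(ev)
    return dict(hits)


# Constructed sample events (hypothetical hosts and command lines).
SAMPLE_EVENTS = [
    {"Computer": "WEB01", "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"Computer": "WEB01", "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"},
    # ASP.NET dynamic compilation: w3wp.exe starting csc.exe is expected, not flagged.
    {"Computer": "WEB02", "ParentImage": r"c:\windows\system32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig"},
    # Path casing varies between sources, so matching is case-insensitive.
    {"Computer": "WEB03", "ParentImage": r"C:\WINDOWS\SYSTEM32\INETSRV\W3WP.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile"},
]

if __name__ == "__main__":
    for host, evs in sorted(find_iis_spawned_shells(SAMPLE_EVENTS).items()):
        for ev in evs:
            print(f"{host}: w3wp.exe -> {image_name(ev['Image'])}  [{ev['CommandLine']}]")
```

Grouping by host gives a responder the list of servers to consider for containment while patch status for the affected application is confirmed.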