Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
b30c62396fd2061eed0ac23a59b4a56c6bf20a79bab17aaa66538177c1f1e0e8Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.
01433d0ad222e5da0927202b151b19c29afd6ce5f59f4e0b3302a97ed91a29bbTosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
7820f9f7d9af81913956c26707d4acc215ad499c129864227adf8ac1f2345e47Backdoor.Win32.Armageddon.r malware suffers from a hardcoded credential vulnerability.
a63aee2a17b2de0fd0b66bd203d4a2c97938d4d3f44312228c88c11909ae9131Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.
7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.
59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71ebThis is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.
09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
958bd5996f543d91779b1a4e7e952dcd7b0245fe82194202c3333a8f78795811This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.
e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1Sumatra PDF version 3.5.2 suffers from a DLL hijacking vulnerability.
260431c4bf718f16940d65c7a74690e935f1132e5750593158b7961d93c3e061Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.
2b3c4192b5308c166c2374b9f23ce4208ceaa4819ae053e8b33695622996db4aTrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.
07b40fbb6021397864a451ae058f9ce4a25bc6a349ce285a033ab5429f0d1070Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation.
a4c3435d9c5e52f576c70ff4db3da2de108e219bbd349f1ce79de1a81c042945Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.
025b315fe5e6131bdb0582d4066dabd2e50db6a7fe60aaa367ddf178890a85fbGom Player version 2.3.92.5362 suffers from a dll hijacking vulnerability.
3b86a83865a5eabbeaa6e7374d0b4994c1e422270e96ab7244267a22d93adcafWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
9e3672be8c6caf9279a5a13582d6711ab699ae2a79323e92a99409c1ead98521When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.
44f044cbc901c8010a0b6712cedc87c1cc39134506044dd22466b8aac564f4b8Any unprivileged, local user in Microsoft Windows can disclose whether a specific file, directory or registry key exists in the system or not, even if they do not have the open right to it or enumerate right to its parent.
eba081f5682137a596749db83d8591dfa5e5d9dffadba5ca011381bdd72018c4Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.
135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929caThe Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.
8cf51c7afd8e880ffabc644d09f791fed4bac36689d7102f629eb746b2c13124Red Hat Security Advisory 2023-7710-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Issues addressed include a privilege escalation vulnerability.
4e89f8f7651a9810f876dec5813ba86b156d36d066086078eef0b81450bd11fbRed Hat Security Advisory 2023-7709-03 - The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
4b5eaf4b2fd61ddad5b506d12cbe3158e1fd3213f401166f513fa4b8226b9c80Red Hat Security Advisory 2023-7623-03 - Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include denial of service and open redirection vulnerabilities.
9eeeb1d83f92911fcab08d74c3348b42f709ece879296718ea2e47b537942fbbThe Microsoft Windows Kernel has a time-of-check / time-of-use issue in verifying layered key security which may lead to information disclosure from privileged registry keys.
d827eb89d09814af2562b27f8d81aceb5f4a617c3fbb070846fd5b39ebfaa03eRed Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.
19acb4ebf134be7c4286bc8a2c4b51d0be3f892338bc35a1232128400bf11eff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed