This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.
09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
958bd5996f543d91779b1a4e7e952dcd7b0245fe82194202c3333a8f78795811This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.
e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1Sumatra PDF version 3.5.2 suffers from a DLL hijacking vulnerability.
260431c4bf718f16940d65c7a74690e935f1132e5750593158b7961d93c3e061Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.
2b3c4192b5308c166c2374b9f23ce4208ceaa4819ae053e8b33695622996db4aTrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.
07b40fbb6021397864a451ae058f9ce4a25bc6a349ce285a033ab5429f0d1070Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation.
a4c3435d9c5e52f576c70ff4db3da2de108e219bbd349f1ce79de1a81c042945Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.
025b315fe5e6131bdb0582d4066dabd2e50db6a7fe60aaa367ddf178890a85fbGom Player version 2.3.92.5362 suffers from a dll hijacking vulnerability.
3b86a83865a5eabbeaa6e7374d0b4994c1e422270e96ab7244267a22d93adcafWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
9e3672be8c6caf9279a5a13582d6711ab699ae2a79323e92a99409c1ead98521When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.
44f044cbc901c8010a0b6712cedc87c1cc39134506044dd22466b8aac564f4b8Any unprivileged, local user in Microsoft Windows can disclose whether a specific file, directory or registry key exists in the system or not, even if they do not have the open right to it or enumerate right to its parent.
eba081f5682137a596749db83d8591dfa5e5d9dffadba5ca011381bdd72018c4Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.
135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929caThe Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.
8cf51c7afd8e880ffabc644d09f791fed4bac36689d7102f629eb746b2c13124Red Hat Security Advisory 2023-7710-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Issues addressed include a privilege escalation vulnerability.
4e89f8f7651a9810f876dec5813ba86b156d36d066086078eef0b81450bd11fbRed Hat Security Advisory 2023-7709-03 - The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
4b5eaf4b2fd61ddad5b506d12cbe3158e1fd3213f401166f513fa4b8226b9c80Red Hat Security Advisory 2023-7623-03 - Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include denial of service and open redirection vulnerabilities.
9eeeb1d83f92911fcab08d74c3348b42f709ece879296718ea2e47b537942fbbThe Microsoft Windows Kernel has a time-of-check / time-of-use issue in verifying layered key security which may lead to information disclosure from privileged registry keys.
d827eb89d09814af2562b27f8d81aceb5f4a617c3fbb070846fd5b39ebfaa03eRed Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.
19acb4ebf134be7c4286bc8a2c4b51d0be3f892338bc35a1232128400bf11effRed Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
22fd27567fa73b0487fa3e141834c87327890531494fe84f9dc73b1c9657ef21Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
724c22317e7ce1e7013ae1b752c091860a18eae1c3aa2a3edb49c88616e8824bWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
0e428492f4c3625d61a7ccff008dc0e429d16ab8caccad4403157ea92b48a75bEzViz Studio version 2.2.0 suffers from a dll hijacking vulnerability.
d6647010f93e517c65461fc94e2488783e4a7647feb496353818cb592c2d1194The Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.
c1feae840787713bb89848cc8ba310ff0f5a1d43e23d59e1de207223ba6d1278Red Hat Security Advisory 2023-6207-01 - Red Hat JBoss Web Server 5.7.6 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include an information leakage vulnerability.
abfe353a4153220478a12ebf4190e605d9fd486499b64472429d468325c61d7b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed