This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.
09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
958bd5996f543d91779b1a4e7e952dcd7b0245fe82194202c3333a8f78795811
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.
e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1
Sumatra PDF version 3.5.2 suffers from a DLL hijacking vulnerability.
260431c4bf718f16940d65c7a74690e935f1132e5750593158b7961d93c3e061
Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.
2b3c4192b5308c166c2374b9f23ce4208ceaa4819ae053e8b33695622996db4a
TrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.
07b40fbb6021397864a451ae058f9ce4a25bc6a349ce285a033ab5429f0d1070
Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation.
a4c3435d9c5e52f576c70ff4db3da2de108e219bbd349f1ce79de1a81c042945
Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.
025b315fe5e6131bdb0582d4066dabd2e50db6a7fe60aaa367ddf178890a85fb
Gom Player version 2.3.92.5362 suffers from a dll hijacking vulnerability.
3b86a83865a5eabbeaa6e7374d0b4994c1e422270e96ab7244267a22d93adcaf
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
9e3672be8c6caf9279a5a13582d6711ab699ae2a79323e92a99409c1ead98521
When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.
44f044cbc901c8010a0b6712cedc87c1cc39134506044dd22466b8aac564f4b8
Any unprivileged, local user in Microsoft Windows can disclose whether a specific file, directory or registry key exists in the system or not, even if they do not have the open right to it or enumerate right to its parent.
eba081f5682137a596749db83d8591dfa5e5d9dffadba5ca011381bdd72018c4
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.
135e14fd69533eeb6ad57b35ae864360f36364f43f82818935023a4f7ee929ca
The Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.
8cf51c7afd8e880ffabc644d09f791fed4bac36689d7102f629eb746b2c13124
Red Hat Security Advisory 2023-7710-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Issues addressed include a privilege escalation vulnerability.
4e89f8f7651a9810f876dec5813ba86b156d36d066086078eef0b81450bd11fb
Red Hat Security Advisory 2023-7709-03 - The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
4b5eaf4b2fd61ddad5b506d12cbe3158e1fd3213f401166f513fa4b8226b9c80
Red Hat Security Advisory 2023-7623-03 - Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include denial of service and open redirection vulnerabilities.
9eeeb1d83f92911fcab08d74c3348b42f709ece879296718ea2e47b537942fbb
The Microsoft Windows Kernel has a time-of-check / time-of-use issue in verifying layered key security which may lead to information disclosure from privileged registry keys.
d827eb89d09814af2562b27f8d81aceb5f4a617c3fbb070846fd5b39ebfaa03e
Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.
19acb4ebf134be7c4286bc8a2c4b51d0be3f892338bc35a1232128400bf11eff
Red Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
22fd27567fa73b0487fa3e141834c87327890531494fe84f9dc73b1c9657ef21
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
724c22317e7ce1e7013ae1b752c091860a18eae1c3aa2a3edb49c88616e8824b
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
0e428492f4c3625d61a7ccff008dc0e429d16ab8caccad4403157ea92b48a75b
EzViz Studio version 2.2.0 suffers from a dll hijacking vulnerability.
d6647010f93e517c65461fc94e2488783e4a7647feb496353818cb592c2d1194
The Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.
c1feae840787713bb89848cc8ba310ff0f5a1d43e23d59e1de207223ba6d1278
Red Hat Security Advisory 2023-6207-01 - Red Hat JBoss Web Server 5.7.6 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include an information leakage vulnerability.
abfe353a4153220478a12ebf4190e605d9fd486499b64472429d468325c61d7b