This advisory ties together older research on a contact file handling flaw on Microsoft Windows as well as recent research discovered that uses the same methodologies.
bd483c57b86b3adc56157efdf3dd779e6e9b6a498c944d78ee46fe9d56a01c00
When Microsoft released UTF-8 support for the -A interfaces of the Windows API, it appears to have introduced buffer overrun conditions.
fd54b53140cb0a9c16fc5520fcb15b03b3915d1e37bb7f97c426270dfbc79e9b
The Microsoft Windows kernel registry virtualization can be incompatible with transactions, leading to inconsistent hive state and memory corruption issues.
ad3989abfbd2b1064cf77a22452e621958457c972d00e1fb36536a6dcdb01abb
The Microsoft Windows kernel allows deletion of keys in virtualizable hives with KEY_READ and KEY_SET_VALUE access rights.
11325236787bd3fc6dfacb61396e8f2e5b81355ef8a0da87112e34d1821a1ad8
The Microsoft Windows kernel registry has a SID table poisoning problem that leads to bad locking and other issues.
c61efe9fac6bb66fd179b7a7a24132f82e660151050984d2cf1aae1c81d256ae
The Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019
The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
54ec3add551cac7b508b2e8157d5a658c016115390f2b327d14cac78af270263
Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867d
Red Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.
373043494f5cbb3f8008959a5209879cea681b15be2c38e210b4ba4e9687c4a9
Razer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability.
b44857059280bd0c0f9219f18143442834c6560bf766c7639b847e7be7cb3329
Red Hat Security Advisory 2023-0354-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a deserialization vulnerability.
bd7fde7e9fb387f3f5463e02c82d5237191b01e8597247e1b9e60d2c58ef2761
Red Hat Security Advisory 2023-0352-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.
cc5b3bb296ff18be41ec3ed8eba4d11cbc56a43d183fbc99cebb44507ea8a1b7
Red Hat Security Advisory 2023-0353-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.
16ca17574ea75dd4d41f107b809c981645c420bde5d5acbc6d88ccdb935a2980
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
6c51e15bcc0afb93734e686dbff354ffd159f570bd2904bcbbad6f3feb7e9511
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
af909e2c3b777831be989f9eaf0d395a85af9d54b4a69e906bbc7e2aabbd134d
The Windows Kernel suffers from a use-after-free vulnerability due to bad handling of predefined keys in NtNotifyChangeMultipleKeys.
e31318a053707141296573a167ad796cc33514ff394bc3820404fedfd9233256
SOUND4 Server Service version 4.1.102 suffers from an unquoted search path issue impacting the service SOUND4 Server for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
0d1f43d038e2cabb1630fddce016ccf758ccc883097f7d7cdbcec19bc4cf8178
Backdoor.Win32.InCommander.17.b malware suffers from a hardcoded credential vulnerability.
099c10722a16f8ff775b1d257478160f16555c845382490673f316cc2a4f04e4
Trojan-Dropper.Win32.Decay.dxv (CyberGate 1.00.0) malware suffers from an insecure proprietary password encryption vulnerability.
327cdad4f54bb339def30383a6e9ad6ba1713e20fa30cdbaf1573da6857d4dfe
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
f35915699f2f9b28ddb211202d40ec8984e5834d3c911483144a4984ba44411d
The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.
73ffca14ecbbd49fef40fa8d7691f553f1cd6ed289aaa1f61656fcd866416f5a
Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on windows.
29cd61d23f4b78dbb93cdc479cba570c70b094e72db31910170d0c3eb73d58f8
Backdoor.Win32.Delf.gj malware suffers from an information leakage vulnerability.
622118d5760b64ae86f8de28e2d430c1c15ec650e7c1db8f5920f134dd887c5e
Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.
d7a1dbe69c51797b7a119cf51d50bfdc0cf2f5d6383559a3c42e0b551d24f2ff
Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.
d9c0e9406b722512df44cebb17c86eb5064420bbea72fa35eda62ac98a591282