Lucene search
K

12 matches found

The Hacker News
The Hacker News
added 2023/06/23 9:13 a.m.80 views

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency NSA on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user...

6.7CVSS5.3AI score0.10561EPSS
Exploits1
Microsoft Secure
Microsoft Secure
added 2023/04/11 5:0 p.m.62 views

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...

4.9CVSS7.1AI score0.06567EPSS
Exploits1
GithubExploit
GithubExploit
added 2022/08/18 11:45 p.m.117 views

Exploit for Incorrect Authorization in Microsoft

PoC exploit for CVE-2022-21894, a vulnerability in a Windows ker...

4.9CVSS7.2AI score0.06567EPSS
Exploits1
Circl
Circl
added 2022/01/12 12:17 a.m.36 views

CVE-2022-21894

creationtimestamp| type| source ---|---|--- 2022-01-12 00:17:56+00:00| seen| https://t.me/cibsecurity/35295 2022-08-18 13:42:44+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2984 2022-08-18 15:53:26+00:00| seen| https://t.me/crackcodes/1040 2022-08-18 15:56:07+00:00| seen|...

4.9CVSS6.4AI score0.06567EPSS
Exploits1References19
OSV
OSV
added 2022/01/11 9:15 p.m.2 views

CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability...

4.4CVSS7.3AI score0.06567EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/11 9:15 p.m.458 views

CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability...

4.9CVSS6.3AI score0.06567EPSS
In wildExploits1References4Affected Software19
Vulnrichment
Vulnrichment
added 2022/01/11 8:22 p.m.23 views

CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability

...

4.4CVSS7.1AI score0.06567EPSS
Exploits1References1
CVE
CVE
added 2022/01/11 8:22 p.m.403 views

CVE-2022-21894

CVE-2022-21894 is a Secure Boot security feature bypass exploited by the BlackLotus UEFI bootkit. It bypasses Secure Boot to load malicious EFI components, enabling persistence, disabling HVCI and Defender, and prior to OS load. Attack requires elevated privileges or physical access; bootkit impl...

4.9CVSS6.2AI score0.06567EPSS
In wildExploits1References2Affected Software7
Cvelist
Cvelist
added 2022/01/11 8:22 p.m.43 views

CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability

...

4.4CVSS7.1AI score0.06567EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.96 views

KB5009595: Windows 8.1 and Windows Server 2012 R2 Security Updates (January 2022)

The remote Windows host is missing security update 5009595 or cumulative update 5009624. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services...

9.3CVSS7.9AI score0.25019EPSS
Exploits3References54
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.52 views

KB5009543: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (January 2022)

The remote Windows host is missing security update 5009543. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2022-21849, CVE-2022-21850,...

10CVSS7.8AI score0.9279EPSS
Exploits33References82
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.98 views

KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022)

The remote Windows host is missing security update 5009557. It is, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2022-21836 - A denial of service DoS vulnerabilit...

10CVSS7.8AI score0.9279EPSS
Exploits33References83
Rows per page
Query Builder