“Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers, Lock and Code S02E13
Kaseya VSA included at least “seven or eight” privately known zero-day vulnerabilities before it suffered a widespread ransomware attack that impacted hundreds of businesses, said Victor Gevers, chair of the Dutch Institute for Vulnerability Disclosure, or DIVD, a volunteer-run organization that...
redpill
This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: Bypassing AppLocker restrictions Hijacking browser cookies Downloading and...
CVE-2021-34464
Microsoft Defender Remote Code Execution Vulnerability...
Remote code execution
Microsoft Defender Remote Code Execution Vulnerability...
CVE-2021-34464 Microsoft Defender Remote Code Execution Vulnerability
...
CVE-2021-34464
CVE-2021-34464 affects the Microsoft Windows Defender Malware Protection Engine (Windows Defender) and is a remote code execution vulnerability in that engine. The OpenVAS/Nessus entries describe multiple RCE vulnerabilities in the Defender/Malware Protection Engine, with exploitation leading to ...
Security Update for Windows Defender (July 2021)
The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.18242.0. It is, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit one of these vulnerabilities to bypass authentication and execute...
CVE-2021-34522
Microsoft Defender Remote Code Execution Vulnerability...
Remote code execution
Microsoft Defender Remote Code Execution Vulnerability...
CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability
...
CVE-2021-34522
CVE-2021-34522 is a Microsoft Defender vulnerability in the Microsoft Malware Protection Engine used by Windows Defender. Reports describe it as a Remote Code Execution issue with a local attack vector and high impact on confidentiality, integrity, and availability. Exploitation is conditioned on...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on...
Microsoft Crushes 116 Bugs, Three Actively Exploited
Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as modera...
Microsoft Defender Remote Code Execution Vulnerability
...
Microsoft Windows Defender Code Injection Vulnerability
Microsoft Windows Defender is an antivirus suite from Microsoft Corporation (USA) that ships with Windows systems. A code injection vulnerability exists in Microsoft Windows Defender. The following products and versions are affected: Microsoft Malware Protection Engine...