EUVD-2011-0114

Malware in sbrugna...

Windows CLFS and five exploits used by ransomware operators

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...

The Bug Report – October Edition

ARCHIVED STORY The Bug Report – October Edition By Douglas McKee · November 02, 2021 Your Cyber Security Comic Relief Figure 1. Apache server version 2.4.50 CVE-2021-42013 Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview ...

The Bug Report – October Edition

ARCHIVED STORY The Bug Report – October Edition By Douglas McKee · November 02, 2021 Your Cyber Security Comic Relief Figure 1. Apache server version 2.4.50 CVE-2021-42013 Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview ...

Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle

Hello everyone! This episode will be about relatively recent critical vulnerabilities. Lets start with Microsoft Patch Tuesday for October 2021. Specifically, with the vulnerability that I expected there, but it didnt get there. Autodiscover leak discovered by Guardicore Labs "Autodiscover, a...

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2016-09367)

Microsoft Windows is the popular computer operating system. An elevation of privilege vulnerability exists when the Microsoft kernel mode driver does not properly handle memory objects. This could allow an attacker to run arbitrary code in kernel mode...

Microsoft Windows Kernel Mode Driver Information Disclosure Vulnerability (CNVD-2015-03066)

Microsoft Windows is a popular operating system. An unspecified security vulnerability in Microsoft Windows Win32k.sys allows local attackers to exploit the vulnerability to build special applications that run on the system to obtain kernel memory information...

VulnCheck KEV: CVE-2015-1701

An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges...

PT-2014-1733 · Microsoft · Windows 8 +8

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Windows Server 2003 SP2 Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT Gold and 8.1 Description: The...

PT-2013-3100 · Microsoft · Windows Xp +8

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2 and R2 SP1 Windows 7 version SP1 Windows 8 Windows Server 2012 Windows RT Description: The issue arises from the improp...

PT-2013-3027 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: A...

PT-2013-3011 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: A...

PT-2013-3035 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: A...

PT-2013-3015 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: A...

PT-2011-3525 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2, R2, and R2 SP1 Windows 7 versions Gold and SP1 Description: The issue arises from improper validation of user-mode inp...

PT-2011-2542 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 SP1 Microsoft Windows 7 versions Gold through SP1...

Microsoft Windows Win32k Improper User Input Validation (MS11-012; CVE-2011-0086)

The Windows kernel-mode driver win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager and the Graphics Device Interface GDI. It also serves as a wrapper for DirectX support. An elevation of privilege vulnerability has been...

PT-2011-2080 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 and SP3 Windows Server 2003 version SP2 Windows Vista versions SP1 and SP2 Windows Server 2008 versions Gold, SP2, and R2 Windows 7 affected versions not specified Description: The issue is related to the improper...

PT-2011-2078 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Windows XP versions SP2 through SP3 Windows Server 2003 version SP2 Windows Vista versions SP1 through SP2 Windows Server 2008 versions Gold through SP2 and R2 Windows 7 affected versions not specified Description: The issue arises from...

Microsoft Windows Win32k内核态驱动本地权限提升（MS09-065）

BUGTRAQ ID: 36939,36941 CVE ID: CVE-2009-1127,CVE-2009-2513 Microsoft Windows是微软发布的非常流行的操作系统。 Windows系统中的Win32k内核态驱动（Win32k.sys）没有正确地验证传送给Windows内核系统调用的参数，以及用户态通过GDI内核组件所传送的输入。拥有有效的登录凭据且能够本地登录的攻击者可以利用这些漏洞执行任意内核态代码。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2...