Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

Microsoft Windows Graphics Component Information Disclosure Vulnerability (CNVD-2016-03116)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics components. An information leakage vulnerability exists in the Microsoft Windows GDI component, which arises from the program not properly disclosing the contents of...

Microsoft Windows DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Microsoft Windows DirectX graphics kernel subsystem dxgkrnl.sys, which arises from a program that fails to properly handle objects in memory and...

CVE-2016-1056

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different...

The vulnerability of the Windows operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating locally, to obtain confidential information through a specially created...

Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created application...

Microsoft Windows Assisted Login Privilege Elevation Vulnerability (CNVD-2016-02248)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Secondary Logon Service is one of the secondary logon services. An elevation of privilege vulnerability exists in the Secondary Logon Service service in Microsoft Windows 10 Gold and 1511, which stems...

Microsoft Internet Explorer DLL Loading Remote Code Execution Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote code execution vulnerability exists in Microsoft IE version 11, which originates from a program that fails to properly...

PT-2016-1675 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to a lack of access control in the Windows operating system kernel mode driver, which can be exploited by a local attacker to elevate privileges using a...

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system’s kernel mode driver is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...

Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code

The vulnerability of the OLE component in the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system’s kernel mode driver is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-01530)

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote code execution vulnerability exists in Microsoft IE versions 9 through 11. Due to the program failing to properly access...

The vulnerability of the Windows operating system and the Internet Explorer browser allows attackers to increase their privileges.

The vulnerability of the Windows operating system and the Internet Explorer browser is related to errors in library loading. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges through a specially created application...

The vulnerability of the Windows operating system, which allows a perpetrator to trigger a service failure

The vulnerability of the Sync Framework component of the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures using specially crafted data...

The vulnerability of the Windows operating system, which allows a perpetrator to trigger a service failure

The vulnerability of the authentication mechanism based on forms in the ADFS component of the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using specially...

The vulnerability of the Windows operating system, which allows a perpetrator to trigger a service failure

The vulnerability of the Network Policy Server component of the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through specially crafted requests...

The vulnerability of the Windows operating system, which allows a perpetrator to bypass the authentication process

The vulnerability of the Kerberos component of the Windows operating system is related to errors in managing registration data. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures locally...

CVE-2016-0042

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote...

CVE-2016-0041

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka...