6 matches found
Plex Media Server < 1.18.2 Privilege Escalation
According to its self-reported version number, the version of Plex Media Server installed on the remote Windows host is prior to 1.18.2. It is, therefore, affected by a local privilege escalation vulnerability. The vulnerability exists in the Plex Update Service due to exposed functionality over ...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework. The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation Windows: RPCSS Activation Kernel Security Callback EoP Platform: Windows 10 1903/1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User...
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a syste...
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest...
Monitoring Windows Console Activity (Part 1)
Introduction: While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control (C2) console tools...