CVE-2022-48223

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory...

Privilege escalation

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

CVE-2022-48223

Summary (CVE-2022-48223): A DLL hijacking race condition in Acuant AcuFill SDK (pre-10.22.02.03) during certificate repair via certutil.exe called by the installer. Causes insecure permissions on the executing directory, enabling potential unauthorized code execution or data compromise. Impact de...

CVE-2022-48223

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory...

CVE-2022-48222

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

PowerShell: In-Memory Injection Using CertUtil.exe

Have you ever heard the old saying," The only constant in life is change?" Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our effor...

Gandcrab Ransomware Walks its Way onto Compromised Sites

This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski. Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both...

June 13, 2017 - KB4022714 (OS Build 10586.962)

June 13, 2017 - KB4022714 OS Build 10586.962 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where, after installing KB3164035, users cannot print enhanced metafil...

Microsoft Windows Multiple Vulnerabilities (KB4022727)

This host is missing a critical security update according to Microsoft KB4022727 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GlassWire: GlassWireSetup.exe subject to EXE planting attack

GlassWire recently fixed a DLL hijacking attack whereby trojan DLLs would be loaded from the user's \Downloads\ folder. However, it appears that GlasswireSetup.exe still uses an unqualified path when running CertUtil.exe and as a consequence a trojaned CertUtil.exe will execute from the \Download...