EUVD-2024-19140
Malicious code in bioql PyPI...
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2024-21338 Local Privilege Escalation from Admin to Kernel...
CVE-2024-21431
CVE-2024-21431 is a Microsoft Windows vulnerability titled “Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability.” Connected sources identify this as a local, high-severity issue affecting the HVCI mechanism, with a CVSS score in the high range (confidentiality, integr...
CVE-2024-21431 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
...
Security feature bypass
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability...
CVE-2024-21305
CVE-2024-21305 is a Hypervisor-Protected Code Integrity (HVCI) security feature bypass affecting Windows; the CVE entry notes a local attack surface with high privileges required and no user interaction (per CVSS details). Connected Microsoft documentation confirms the vulnerability and lists it ...
Exploit for Incorrect Permission Assignment for Critical Resource in Microsoft
CVE-2024-21305 This repo contains the report and PoC of CVE-...
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...
Guidance on Microsoft Signed Drivers Being Used Maliciously
Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. Microsoft has completed its investigation and determined that the activity was limited to the abuse of several...
New Windows 11 security features are designed for hybrid work
Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.[1] Microsoft tracks more than 35 ransomware families and more than 250 unique nation-state...
Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil
CVE-2021-21551 A PoC that exploits Dell's dbutil23 driver...
New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely
VBS and HVCI-enabled devices help protect from advanced attacks. Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into a full compromise of your OS and...
System Management Mode deep dive: How SMM isolation hardens the platform
Ensuring that the platform firmware is healthy and trustworthy is fundamental to guaranteeing that powerful platform security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard are functioning as expected. Windows 10 achieves this by leveraging a...
Security feature bypass
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."...
CVE-2016-0181
CVE-2016-0181 describes a local security feature bypass in Windows 10 Gold and 1511 where a crafted application could bypass Virtual Secure Mode Hypervisor Code Integrity (HVCI) and mark kernel-mode pages as RWX. Several connected sources (CNVD-2016-03091, NVD/NVD mirror, MSRC/MS16-066, and OpenV...
Hypervisor Code Integrity Security Feature Bypass
A security feature bypass vulnerability exists when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled. To exploit this vulnerability, an attacker could run a specially crafted application to bypass code...