1704 matches found
CVE-2018-8549
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 1...
Windows Security Feature Bypass Vulnerability
A security feature bypass exists when Windows incorrectly validates kernel driver signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed drivers into the kernel. In an attack scenario, an attacker could bypass security...
KB4467703: Windows 8.1 and Windows Server 2012 R2 November 2018 Security Update
The remote Windows host is missing security update 4467703 or cumulative update 4467697. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability...
KB4467691: Windows 10 Version 1607 and Windows Server 2016 November 2018 Security Update
The remote Windows host is missing security update 4467691. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. CVE-2018-8417 - A remote code execution vulnerability...
ASRock Drivers Privilege Escalation / Code Execution
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ ASRock Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL:...
A vulnerability in the Win32k component of Windows operating systems allows attackers to elevate their privileges and execute arbitrary code.
The vulnerability in the Win32k component (win32k.sys) of Windows operating systems is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to elevate their privileges and execute arbitrary code using a specially crafted application...
Security Bulletin: NVIDIA SHIELD TV – October 2018
NVIDIA has released a software security update for SHIELD TV. This update addresses issues that may lead to information disclosure or escalation of privileges. To protect your system, download and install this software update. Go to NVIDIA Product Security. Details This section summarizes the...
Kemon - An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring. What is Kemon? An open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of Kemon, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver...
Microsoft Windows Information Disclosure Vulnerability (CNVD-2018-18624)
Microsoft Windows Server 2016 and others are operating systems released by Microsoft Corporation in the U.S. Microsoft Windows Server 2016 is a set of server operating systems. Windows 8.1 is a set of operating systems for personal computers. An information disclosure vulnerability exists in...
KingCloud Antivirus v2.4.2.39 Personal Edition hookbody.sys driver has a denial of service vulnerability
KingCloud Antivirus is a next-generation artificial intelligence antivirus software for personal end devices launched by Tatsunobuilder. hookbody.sys is a kernel mode driver in KingCloud Personal Antivirus. A denial of service vulnerability exists in the hookbody.sys driver of KingCloud Antivirus...
KingCloud Antivirus v2.4.2.39 Personal Edition ZySandbox.sys Driver Has Denial of Service Vulnerability
KingCloud Antivirus is a next-generation artificial intelligence antivirus for personal end devices launched by Tatsunobuilder. ZySandbox.sys is a kernel-mode driver in KingCloud Personal Antivirus. A denial of service vulnerability exists in the ZySandbox.sys driver for KingCloud Antivirus...
Double free
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc/double free in snd_rawmidi_input_params and snd_rawmidi_output_status which are part of the snd_rawmidi_ioctl handler in the rawmidi.c file. A malicious local attacker could possibly use this f...
CVE-2018-10902
CVE-2018-10902 is a Linux kernel local privilege-escalation flaw in the raw MIDI driver. The issue arises from a race on concurrent access in the snd_rawmidi_ioctl() path (snd_rawmidi_input_params and snd_rawmidi_output_status), causing a double-free/double-realloc in the rawmidi.c handler. Explo...
CVE-2018-10902
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc/double free in snd_rawmidi_input_params and snd_rawmidi_output_status which are part of the snd_rawmidi_ioctl handler in the rawmidi.c file. A malicious local attacker could possibly use this f...
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring: Kemon
If third-party vendors want to add new features to the macOS kernel, such as antivirus capabilities, ransomware blocking, data breach auditing, behavior monitoring and so on, they usually need the support of the system’s exported interfaces. At present, only two known official interfaces are...
BIOS Boots What? Finding Evil in Boot Code at Scale!
The second issue is that reverse engineering all boot records is impractical. Given the job of determining if a single system is infected with a bootkit, a malware analyst could acquire a disk image and then reverse engineer the boot bytes to determine if anything malicious is present in the boot...
CVE-2018-2926
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: NVIDIA-GFX Kernel driver. The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via ISCSI to compromise Solaris. Successful attac...