36 matches found
CVE-2025-14963
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access to gain elevated system privileges. A Bring Your Own Vulnerable Driver (BYOVD) technique was leveraged to gain access to the memory of the critical Windows process lsass.exe Loc...
EUVD-2001-1103
Malware in sbrugna...
CVE-1999-0227
Access violation in LSASS.EXE LSA/LSARPC program in Windows NT allows a denial of service...
June 11, 2024—KB5039227 (OS Build 20348.2527)
June 11, 2024—KB5039227 OS Build 20348.2527 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when n...
June 11, 2024—KB5039225 (OS Build 10240.20680) - EXPIRED
June 11, 2024—KB5039225 OS Build 10240.20680 - EXPIRED EXPIRATION NOTICE IMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...
June 11, 2024—KB5039217 (OS Build 17763.5936) - EXPIRED
June 11, 2024—KB5039217 OS Build 17763.5936 - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For informati...
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)
June 11, 2024—KB5039212 OS Builds 22621.3737 and 22631.3737 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow @WindowsUpda...
June 11, 2024—KB5039236 (OS Build 25398.950)
June 11, 2024—KB5039236 OS Build 25398.950 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
June 11, 2024—KB5039213 (OS Build 22000.3019)
June 11, 2024—KB5039213 OS Build 22000.3019 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out...
January 9, 2024—KB5034127 (OS Build 17763.5329) - EXPIRED
January 9, 2024—KB5034127 OS Build 17763.5329 - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...
December 13, 2022—KB5021303 (Security-only update)
December 13, 2022—KB5021303 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDER Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020,...
December 13, 2022—KB5021293 (Security-only update)
December 13, 2022—KB5021293 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDER Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support...
Exploit for CVE-2022-26809
CVE-2022-26809 This repo just simply research for the CVE, f...
Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. APT35, aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...
Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff...
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
If you're administering Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472)...
July 14, 2020—KB4565489 (OS Build 17134.1610)
July 14, 2020—KB4565489 OS Build 17134.1610 NEW IMPORTANT Windows 10, version 1803 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system. Operating...
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation
VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combine the issues mentioned below with a bug in Chromium to escape its sandbox. HTTP - SMB NTLM...
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation
Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combi...
Microsoft Windows: MS Security Guide: WDigest Authentication
When WDigest authentication is enabled, Lsass.exe retains a copy of the user... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...