Microsoft Patch Tuesday, October 2020 Edition

Its Cybersecurity Awareness Month! In keeping with that theme, if you abuse Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means its onc...

Zerologon Patches Roll Out Beyond Microsoft

UPDATE The “perfect” Windows vulnerability known as the Zerologon bug is getting a patch assist from two non-Microsoft sources, as they strive to fill in the gaps that the official fix doesn’t address. They roll out as Microsoft announced that it is tracking active exploitation in the wild. “We...

Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others

This time I would like to review not only the vulnerabilities that were published in the last August Microsoft Patch Tuesday, but also the CVEs that were published on other, not Patch Tuesday, days. Of course, if there are any. But lets start with the vulnerabilities that were presented on MS Pat...

This Week in Security News: Trend Micro Research Discovers Cybercriminal Turf War on Routers and a Massive Twitter Breach Compromises Some of the World’s Most Prominent Accounts

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s report on the botnet battle for IoT territory and how attacker groups are trying to gain control of vulnerable...

BSA-2020-1051

Security Advisory ID : BSA-2020-1051 Component : Windows DNS Revision : 1.0: Final A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in th...

Threat Source newsletter for June 11, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We are back this week with new content, mainly around Microsoft Patch Tuesday. We have our complete breakdown of all the vulns here, as well as in-depth information on two remote code execution vulnerabilities one of our researche...

Looking at Big Threats Using Code Similarity. Part 1

Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. You can read more about KTAE in our...

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

Easiest task ever? Making the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right? Not really. In fact it is quite boring and...

Threat Source newsletter for April 16, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. But lucky for you, th...

CVE-2020-1094

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. Recent assessments: bac2binary at April 15, 2020 4:47pm UTC reported: The attack complexity is very less,...

Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)

On March 10, 2020 analysis of a SMB vulnerability was inadvertently shared, under the assumption that Microsoft was releasing a patch for that vulnerability CVE-2020-0796. As of March 12, Microsoft has since released a patch for CVE-2020-0796, which is a vulnerability specifically affecting SMB3...

Threat Source newsletter (March 12, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Obviously, COVID-19 is dominating headlines everywhere, and for good reason. We hope everyone out there is staying safe and healthy and...

SMBGhost – Analysis of CVE-2020-0796

ARCHIVED STORY SMBGhost – Analysis of CVE-2020-0796 By Eoin Carrol - March 12, 2020 The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol SMB 3.1.1. As of...

March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches

This month’s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation, 2 are for GDI+ and the remaining 3 are for LNK files, Microsoft Word and Dynamics Business...

This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the more than 140 February Patch Tuesday updates from Microsoft and Adobe. Also, read about how an unsecured and unencrypted...

Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage

By Jon Munshaw. Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important." This month’s security...

CVE-2019-1182

creationtimestamp| type| source ---|---|--- 2019-08-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/ 2019-08-13 23:12:13+00:00| seen| https://t.me/cybershit/558 2019-08-14 04:00:00+00:00| seen|...

PT-2019-4073 · Linux +9 · Linux +9

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Intel CPUs affected versions not specified AMD CPUs affected versions not specified ARM CPUs affected versions not specified Linux affected versions not specified Description: An information disclosure...

Working BlueKeep Exploit Developed by DHS

The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...

Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol RDP—two weeks after Microsoft releases the security patch. If exploited, the vulnerability cou...