PT-2026-33497
New from Eclypsium: CVE-2026-25250. A Microsoft-signed third-party bootloader that completely skips signature verification when loading drivers. Secure Boot bypass on most Windows systems. Discovered by Mickey Shkatov and Stas Lyakhov. Patch now. https://t.co/ofZmE2CVeN https://t.co/FhYKdMNdxJ...
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer
Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools...
K000152613: Secure Boot Bypass vulnerability CVE-2025-3052
Security Advisory Description An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM...
CVE-2025-3052
CVE-2025-3052 is listed as an arbitrary write vulnerability affecting Microsoft-signed UEFI firmware, enabling code execution of untrusted software and potential modification of NVRAM-stored firmware settings. The CVE entry shown links CVE-2025-3052 to DT Research Inc. in the CVE List entry, and ...
shim security update
shim - 15.8-2.0.3.el7 - Set shim.ol sbat generation to 3 Orabug: 36271343 - 15.8-2.0.1.el7 - Set SBATAUTOMATICDATE to 2021030218 Orabug: 36271343 - Rebuild with Oracle certificates Orabug: 36271343 - Full list of fixed CVEs: CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549,...
Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came ...
Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems
Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program. The tech giant said its investigation revealed the activity was restricted to a number of...
High-Severity Windows UAC Flaw Enables Privilege Escalation
Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure...
Applocker Evasion - Windows Presentation Foundation Host
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binary PresentationHost.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...
LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)
The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques. All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io thanks @ConsciousHacker for this bit of eyecandy and the team ov...
Manipulating Microsoft WSUS to Own Enterprises
LAS VEGAS – Windows Server Update Services (WSUS) is your friend, if you run an enterprise IT shop, because it facilitates the download and distribution of security patches, service pack installations and hardware driver updates among others. Two researchers this week at the Black Hat conference,...
microsoft-install.txt
Juan asked me to forward this message from him to the list. He has discovered that an ActiveX control shipped with IE can be used to install software components signed by Microsoft without prompting the user. This of course raises trust issues. Someone, not necessarily Microsoft, could use this...