105 matches found
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally...
PT-2025-28587
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Virtual Hard Disk VHDX affected versions not specified Description: An integer overflow or wraparound condition exists in Virtual Hard Disk VHDX that may allow an unauthorized attacker to elevate privileges locally. The issu...
CVE-2024-26254 Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability
...
Privilege escalation
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability...
CVE-2024-20658 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
...
CVE-2023-36718
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability...
Remote code execution
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability...
PT-2023-6060 · Microsoft · Virtual Trusted Platform Module +1
Name of the Vulnerable Software and Affected Versions: Microsoft Virtual Trusted Platform Module affected versions not specified Description: The issue is related to insufficient input validation in the virtual trusted platform module of Windows operating systems. This can be exploited by attacke...
S4UTomato - Escalate Service Account To LocalSystem Via Kerberos
Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early exploitation techniques of "Potato" are almost identical:...
Little Crumbs Can Lead To Giants
This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...
November 8, 2016 — KB3198585 (OS Build 10240.17190)
November 8, 2016 — KB3198585 OS Build 10240.17190 This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Addressed issue to update the Access Point Name APN database. Addressed issue with deadlocks...
Cumulative update for Windows 10: November 8, 2016
Cumulative update for Windows 10: November 8, 2016 Summary This security update includes improvements and fixes in the functionality of Windows 10. It also resolves the following vulnerabilities in Windows: 3198467 MS16-142: Cumulative security update for Internet Explorer: November 8, 2016 31934...
Microsoft Virtual PC Hypervisor Virtual Machine Monitor Security Bypass Vulnerability
Windows Virtual PC is the latest Microsoft virtualization technology. A security bypass vulnerability exists in Microsoft Virtual PC Hypervisor Virtual Machine Monitor, which can be exploited by an attacker to bypass memory protection mechanisms and obtain sensitive information...
Microsoft Virtual Machine Manager privilege escalation
Insufficient users role checking...
Microsoft Virtual Machine Manager CVE-2015-0012 Local Privilege Escalation Vulnerability
Description Microsoft Virtual Machine Manager is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Technologies Affected Microsoft System Center Virtual Machine Manager 2012 R2 UR4 VMM Server update...
VMSA-2011-0014:VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0014 VMware Security Advisory Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses...
How Assumptions May Be Making Us All Less Secure
In the space of a given year, untold thousands of vulnerabilities are found in operating systems, applications and plug-ins. In many cases, the affected vendors fix the flaws, either with a patch, a workaround or some other mitigation. But there’s also a huge population of security bugs that...
VulnCheck KEV: CVE-2003-0111
The ByteCode Verifier component of Microsoft Virtual Machine VM build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise....
Privilege escalation
The memory-management implementation in the Virtual Machine Monitor aka VMM or hypervisor in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allo...
CVE-2010-1225
The memory-management implementation in the Virtual Machine Monitor aka VMM or hypervisor in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allo...