Exploit for Protection Mechanism Failure in Microsoft

CVE-2024-29988-exploit Exploit for Microsoft SmartScreen malic...

Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability

Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web MotW feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file...

Update now! Microsoft fixes two zero-days on February Patch Tuesday

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security Agency...

ThemeBleed exploit is another reason to patch Windows quickly

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept PoC exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures...

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created...

Microsoft Windows Search Remote Code Execution Vulnerability

Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file, leading to remote code execution...

Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I...

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

Evasion Techniques Uncovered: An Analysis of APT Methods

By Christiaan Beek, with special thanks to Matt Green DLL search order hijacking is a technique used by attackers to elevate privileges on the compromised system, evade restrictions, and/or establish persistence on the system. The Windows operating system uses a common method to look for required...

Bluenoroff Bypasses MoTW to Target Japanese Organizations

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Bluenoroff is known for targeting financial institutions and government organizations and has been active since at least 2014. From September onwards Bluenoroff threat actors added a new feature, that...

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web MotW protections. This includes the use of optical disk image .ISO extension and virtual hard disk .VHD extension file formats as...

BlueNoroff introduces new methods bypassing MoTW

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the groups activities and this October we observed the adoption of new...

Update now! Two zero-days fixed in 2022's last patch Tuesday

In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited. Windows...

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link for Russia: The most importan...

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web MotW protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a...

7-Zip gets Mark of the Web feature, increases protection for users

One of the most popular zip programs around, 7-Zip, now offers support for "Mark of the Web" MOTW, which gives users better protection from malicious files. This is good news. But what does that actually mean? In the bad old days, opening up a downloaded document could be a fraught exercise...

Microsoft takes macros out of the equation for five Office apps

Microsoft says it is going to disable macros in five Office apps by default. Besides Excel 4.0 macros, which were disabled by default last month, now VBA macros obtained from the Internet will be blocked by default as well. The change will begin rolling out in Version 2203, starting with Current...

Microsoft Windows Explorer Preview Pane Security Bypass

Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Google Dork: n/a Date: December 25th, 2021 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7, 8.1, 10, 11 x86/x64...