612 matches found
Exploit for Improper Authentication in Microsoft
Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124...
The vulnerability of the Netlogon service in Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Netlogon service in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the categories of damage listed below. The most serious vulnerability has been assigned attribute CVE-2024-38124 and is located in the NETLOGON functionality...
CVE-2024-38124
Windows Netlogon Elevation of Privilege Vulnerability...
CVE-2024-38124
Windows Netlogon Elevation of Privilege Vulnerability...
CVE-2024-38124 Windows Netlogon Elevation of Privilege Vulnerability
...
CVE-2024-38124
CVE-2024-38124 is a Windows Netlogon Elevation of Privilege vulnerability. The provided exploitation context shows an attacker with network access on an AD domain can craft Netlogon messages to impersonate machines (including DCs), enabling privilege escalation and potential full AD compromise. A...
CVE-2024-38124 Windows Netlogon Elevation of Privilege Vulnerability
...
Windows Netlogon Elevation of Privilege Vulnerability
...
PT-2024-6729 · Microsoft · Windows Netlogon +1
Name of the Vulnerable Software and Affected Versions: Windows Netlogon affected versions not specified Description: The vulnerability in Windows Netlogon is related to deficiencies in the authentication procedure, allowing a remote attacker to elevate their privileges. It involves predicting the...
Microsoft Windows Netlogon 授权问题漏洞
Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of relationships between domain...
KB5044306: Windows Server 2008 Security Update (October 2024)
The remote Windows host is missing security update 5044306. It is, therefore, affected by multiple vulnerabilities - Windows Routing and Remote Access Service RRAS Remote Code Execution Vulnerability CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564,...
KB5044293: Windows 10 Version 1607 / Windows Server 2016 Security Update (October 2024)
The remote Windows host is missing security update 5044293. It is, therefore, affected by multiple vulnerabilities - Windows Routing and Remote Access Service RRAS Remote Code Execution Vulnerability CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564,...
KB5044343: Windows Server 2012 R2 Security Update (October 2024)
The remote Windows host is missing security update 5044343. It is, therefore, affected by multiple vulnerabilities - Windows Routing and Remote Access Service RRAS Remote Code Execution Vulnerability CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564,...
KB5044342: Windows Server 2012 Security Update (October 2024)
The remote Windows host is missing security update 5044342. It is, therefore, affected by multiple vulnerabilities - Windows Routing and Remote Access Service RRAS Remote Code Execution Vulnerability CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564,...
Netlogon Weak Cryptographic Authentication
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...
MS-NRPC Domain Users Enumeration
This module will enumerate valid Domain Users via no authentication against MS-NRPC interface. It calls DsrGetDcNameEx2 to check if the domain user account exists or not. It has been tested with Windows servers 2012, 2016, 2019 and 2022. Module Options msf use auxiliary/scanner/dcerpc/nrpcenumuse...
RHEL 5 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - samba: symlink race permits opening files outside share directory CVE-2017-2619 - samba: Netlogon elevati...
PT-2024-19160 · Veeam · Veeam Recovery Orchestrator
Name of the Vulnerable Software and Affected Versions: Veeam Recovery Orchestrator affected versions not specified Description: The issue allows a user with a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. Recommendations: At the...
EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2023-3093)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbinddpamauthcrap.c. When performing...