Windows Persistence via UserInitMprLogonScript

This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...

EUVD-2006-4335

Malware in sbrugna...

EUVD-2020-12045

Malware in sbrugna...

Error - "Your Logon has expired. Please logon again to continue".

An error is seen logging on to Storefront. "Your logon has expired. Please log on again to continue" Error is only seen when logging on as a user from a different domain to that of the Storefront server...

Citrix Workspace app timeout Notification is shown

After the end user logon Citrix DaaS session using native Citrix Workspace app, if there is no activity within the Citrix Workspace app window for the specified interval of time, Citrix Workspace app timeout Notification will be shown. The Warning Message is "Your session is about to expire. You...

Teams - Error "Your Admin has restricted Access to the New Teams" in ICA session

When launching New Teams within Remote PC / ICA session, it seems to logon fine the first time. But when the user logs out and logs back in again to Teams the second time and any subsequent attempt, they see the following error message: "Your Admin has restricted Access to the New Teams"...

Your Logon Has Expired. Please Log on Again to Continue

Whenspecific users logon to Storefront Workspace App for web without Netscaler gateway, after typing the username/password, the below error appears: Your logon has expired. Please log on again to continue...

First User Logon via Citrix Workspace App Since Command Line Deployment Receiving "Citrix Workspace is Setting up your store...”

Citrix Workspace app for Windows via Command Line and configured store URL in the process. During first user logon via Workspace App since reboot the following dialog is displayed"Citrix Workspace is setting up your store. this process will take few minutes”...

CVE-2020-16916

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

The logon process for new users takes significantly longer as the number of user profiles increases in Windows

The logon process for new users takes significantly longer as the number of user profiles increases in Windows Symptoms Consider the following scenario: You have a Windows Server 2012 R2 or Windows Server 2008 R2-based domain environment that contains Windows 8.1 or Windows 7 domain clients. The...

User logon gets stuck at " Please wait for the group policy Client" with UPM

When trying to log into a session with a UPM profile process hangs at " Please wait for the Group policy client"...

WEM 4.4 -Transformer autologon is not launching the Agent at logon

WEM Transformer does not auto-launch after an end user logs onto a WEM Agent machine...

August 8, 2017—KB4034668 (OS Build 10240.17533)

August 8, 2017—KB4034668 OS Build 10240.17533 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where some of the event data for user logon events ID 4624 from Domain...

Conexant Systems MicTray64 Information Disclosure Vulnerability

Conexant Systems MicTray64 is an application that Conexant Systems USA installs with the Conexant Audio Driver package and registers as a Microsoft Scheduled Task to run after each user logs on. The program monitors all keystrokes taken by the user to capture and respond to functions such as...

UPM 5.5 - You are logged in with a temporary profile

We see the following error in eventvwr : The Citrix Profile Management driver could not be loaded. Processing can not continue. The user will be given a temporary profile. Cause: The Citrix Profile Management Service on this computer could not connect to the driver while processing a user logon...

Windows Modern Apps are not launching with Profile Management enabled

Certain Windows 8.x Modern Apps such as PC Settings are not launching with Profile management UPM enabled. If UPM is disabled via Policy and a new user logs on to the PC, the Modern App for PC Settings launches as expected...

NetScaler Gateway Stuck at cgi/setclient After Log On

NetScaler Gateway stuck at cgi/setclient after log on...

Windows Multiple - Registry Only Persistence Exploit

Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' require 'msf/core/post/file' class Metasploit4 'Windows...

Windows Registry Only Persistence

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' require 'msf/core/post/file' class Metasploit4 'Windows Registry Only Persistence', 'Description' = %q This modul...

Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

OVERVIEW Independent researcher Artyom Kurbatov has identified a cleartext transmission vulnerability in Schneider Electric’s StruxureWare Building Expert product. Schneider Electric has produced a new firmware version that mitigates this vulnerability. Artyom Kurbatov has tested the new firmware...