3876 matches found
VM Escape Earns Hackers $105K at Pwn2Own
Hackers managed to take down Microsoft Edge and escape a virtual machine to boot on the third day of Pwn2Own early Friday. Members from Qihoo’s 360 Security Team carried out the VM exploit, earning the group $105,000, by far the highest amount awarded to a group at the hacking challenge this week...
CVE-2017-0103
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."...
CVE-2017-0080
The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026,...
CVE-2017-0079
The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in...
CVE-2017-0050
The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes,...
CVE-2017-0056
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka...
Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2017-03699)
Microsoft Windows is the popular computer operating system. A local elevation of privilege vulnerability exists in Microsoft Windows Kernel 'Win32k.sys'. An attacker can exploit the vulnerability to run arbitrary code in kernel mode...
Microsoft Windows Kernel 'Win32k.sys' local boost vulnerability (CNVD-2017-03631)
Microsoft Windows is an operating system developed by the American company Microsoft. A local lift vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys'. An attacker can exploit this vulnerability to execute arbitrary code with kernel privileges...
Microsoft Windows Kernel 'Win32k.sys' local boost vulnerability (CNVD-2017-03630)
Microsoft Windows is an operating system developed by the American company Microsoft. A local elevation of privilege vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys'. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges in the kernel...
Microsoft Windows Kernel Local Mobilization Vulnerability (CNVD-2017-03625)
Microsoft Windows is an operating system developed by the American company Microsoft. Microsoft Windows suffers from a local elevation vulnerability. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges...
Microsoft Windows Kernel 'Win32k.sys' local boost vulnerability (CNVD-2017-03629)
Microsoft Windows is an operating system developed by the American company Microsoft. A local elevation of privilege vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys'. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges in the kernel...
March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1 Summary This security update resolves the following vulnerabilities in Windows 7 SP1 and Windows Server 2008 R2 SP1: MS17-022 Security update for Microsoft XML Core Services MS17-021 Security update for...
March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2
March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 Summary This security update resolves the following vulnerabilities in Windows 8.1 and Windows Server 2012 R2: MS17-022 Security update for Microsoft XML Core Services MS17-021 Security update for DirectShow MS17-0...
March 2017 Security Monthly Quality Rollup for Windows Server 2012
March 2017 Security Monthly Quality Rollup for Windows Server 2012 Summary This security update resolves the following vulnerabilities in Windows Server 2012: MS17-022 Security update for Microsoft XML Core Services MS17-019 Security update for Active Directory Federation Services MS17-018 Securi...
PT-2017-1640 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in Windows kernel drivers, which can be exploited by an attacker to elevate their privileges using a specially crafted application. This...
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0026)
An elevation of privilege vulnerability exists in Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...
MS17-017: Security Update for Windows Kernel (4013081)
The remote Windows host is missing a security update. It is, therefore, affected by multiple elevation of privilege vulnerabilities : - An elevation of privilege vulnerability exists in the Windows Kernel API due to improper enforcement of permissions. A local attacker can exploit this, via a...
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)
/ Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...
MS10-047: Vulnerabilities in Windows Kernel could allow elevation of privilege
MS10-047: Vulnerabilities in Windows Kernel could allow elevation of privilege Support for Windows Vista Service Pack 1 SP1 ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 SP2. For more information, refer to thi...
MS16-034: Description of the security update for Windows kernel-mode drivers: March 8, 2016
MS16-034: Description of the security update for Windows kernel-mode drivers: March 8, 2016 Summary This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted...