18 matches found
web-app-security-owasp-zap
🔐 Web Application Security Testing with OWASP ZAP Author:...
Unable to run WSL2 on the W11 VDI machine
When customers attempt to install the WSL 2 Ubuntu distribution on Windows 11 VDIs , they encounter the following message: Installing, this may take a few minutes. Error observedWslRegisterDistribution failed with error: 0xe000020b Error: 0xe000020b null...
"WSL/Service/CreateInstance/CreateVm/ConfigureNetworking/HNS/0xe000020b” installing WSL2 in MCS VMs
...
qemu-kvm bug fix update
An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM is a full virtualization solution for Linux...
Security Updates for Windows Subsystem for Linux (WSL2) Elevation of Privilege (December 2022)
The wsl2 installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid169974;...
KB5021233: Windows 10 Version 20H2 / 21H1 / 21H2 / 22H2 Security Update (December 2022)
The remote Windows host is missing security update 5021233. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...
KB5021237: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2022)
The remote Windows host is missing security update 5021237. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...
CVE-2022-44689
CVE-2022-44689 affects Windows Subsystem for Linux (WSL2) kernel, enabling local elevation of privilege. The NVD entry lists a local attack vector with low complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. Connected sources corrobora...
KB5021249: Windows Server 2022 Security Update (December 2022)
The remote Windows host is missing security update 5021249. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorize...
CVE-2022-38014
Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability...
CVE-2022-38014 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
...
CVE-2022-38014
CVE-2022-38014 affects Windows Subsystem for Linux (WSL2) kernel components. The CVSSv3 metrics in the initial record indicate a Local, Privilege-Required (Low), No User Interaction, with Confidentiality, Integrity, and Availability impacts all High, resulting in a base score of 7.0 (HIGH). The v...
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
...
KLA20043 PE vulnerability in Microsoft Open Source Software
Elevation of privilege vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2022-38014 Related products Microsoft-Windows CVE list CVE-2022-38014 high KB list Solution Install necessary updates from t...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)
This post is the first of a multi-part blog series that will explore and highlight the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine a new Microsoft feature for GNU\Linux that increases the attack surface and introduces a lot more...
Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution e.g...
Kali Linux 2020.3 Release - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! Quarter 3 – Kali Linux 20202.3. This release has various impressive updates. A quick overview of what’s new since the last release in May 2020: New Shell – Starting the process to switch from “Bash” to “ZSH “ The release of “Win-Kex ” – Get readyWSL2 Automatin...
Microsoft Windows Subsystem For Linux Local Privilege Escalation
define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...