Overview On February 27 (local time), Cisco officially released a security advisory to announce a critical security vulnerability (CVE-2019-1663) in Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. This vulnerability exists in the web-based management interface of the preceding products, which...
Category: Emergency Response
Microsoft’s Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert
Overview  Microsoft released the March 2019 security patch on Tuesday that fixes 68 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office...
Resource-based Constrained Delegation Allows Obtaining of System Privileges of Any Domain Hosts Threat Alert
1 Vulnerability Overview Recently, the NSFOCUS M01N team released the Analysis of Privilege Escalation Attacks by Exploiting Resource-based Constrained Delegation, in which they describe the principle of attacks launched by exploiting the resource-based constrained delegation, so as to escalate privileges of domain hosts. For details, click the following link: http://blog.nsfocus.net/analysis-attacks-entitlement-resource-constrained-delegation/...
Windows Domain Machines Local Privilege Escalation Attack Threat Alert
Overview A security researcher from Shenanigans Labs disclosed a method of attacking the Active Directory by abusing resource-based constrained delegation. This would impose a serious threat to domain environments as an attacker could make a common domain user access services on local computers as a domain administrator, thus escalating local...
Chrome and Windows 7 32-Bit Vulnerabilities Threat Alert
Overview On March 7 (local time), Google released a security advisory to announce the existence of a Microsoft Windows vulnerability. According to Google, this local privilege escalation vulnerability could be exploited together with the vulnerability (CVE-2019-5786) in Google Chrome announced last week, to take control of the machine of the...
Resource-based Constrained Delegation Allows Obtaining of System Privileges of Any Domain Hosts Threat Alert
1 Vulnerability Overview Recently, the NSFOCUS M01N team released the Analysis of Privilege Escalation Attacks by Exploiting Resource-based Constrained Delegation, in which they describe the principle of attacks launched by exploiting the resource-based constrained delegation, so as to escalate privileges of domain hosts. For details, click the following link: (more…)
