Windows Vulnerability

Windows Privilege Escalation Vulnerability (CVE-2021-36934) Threat Alert

agosto 24, 2021

Overview Recently, NSFOCUS CERT discovered a critical security bulletin released by Microsoft to disclose a privilege escalation vulnerability (CVE-2021-36934) in Windows. A privilege escalation vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files (including the Security Account Manager (SAM) database). When a built-in administrator account is enabled in the system, […]

Microsoft’s July 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

julho 28, 2021

Overview According to NSFOCUS CERT’s monitoring, Microsoft released July 2021 Security Updates on July 14 to fix 117 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are 13 critical […]

Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide

julho 13, 2021

Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution (RCE) vulnerability (PrintNightmare) on GitHub. […]

Microsoft February Security Updates for Multiple High-Risk Product Vulnerabilities

fevereiro 25, 2021

Vulnerability Description On February 10, 2021, Beijing time, Microsoft released February 2021 Security Updates that fix 56 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Visual Studio, and Microsoft .NET Framework. In these security updates, Microsoft fixes 11 […]

Windows Network File System Vulnerabilities (CVE-2020-17051, CVE-2020-17056) Threat Alert

dezembro 2, 2020

Overview

On November 10, 2020 local time, Microsoft fixed two vulnerabilities in the Windows Network File System (NFS) in its monthly security updates, which are CVE-2020-17051 and CVE-2020-17056.

CVE-2020-17051 is a remote code execution vulnerability on the nfssvr.sys driver. It is said that the vulnerability can be reproduced to cause an immediate BSOD (Blue Screen of Death) within the driver [3].

CVE-2020-17056 is a remote out-of-bounds read vulnerability on the nfssvr.sys driver, which can lead to an address space layout randomization (ASLR) bypass.

(mais…)

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898) Threat Alert

novembro 2, 2020

Overview

On October 13, 2020 (local time), Microsoft fixed a critical vulnerability dubbed Bad Neighbor (CVE-2020-16898) in the Windows TCP/IP stack in its latest monthly patch update. An attacker might execute arbitrary code on a remote system by sending maliciously crafted ICMPv6 Router Advertisement packets.

McAfee said the proof-of-concept code shared with MAPP (Microsoft Active Protection Program) members is both simple and reliable and can result in an immediate BSOD (Blue Screen of Death)

(mais…)

Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Exploit Disclosure Threat Alert

setembro 25, 2019

  1. Exploit Disclosure

In the early morning of September 7, Beijing time, a developer disclosed a Metasploit exploit module for the Windows remote desktop services remote code execution vulnerability (CVE-2019-0708) on GitHub. The initial public exploit module (BlueKeep) for the CVE-2019-0708 vulnerability could cause old versions of Windows (Windows 7 SP1 x64 and Windows 2008 R2 x64) to execute code remotely without user interaction. This vulnerability, like WannaCry, will propagate widely, having constituted security threats in the wild.

  (mais…)

Windows NTLM Tampering Vulnerability (CVE-2019-1040) Threat Alert

junho 17, 2019

1 Vulnerability Overview

On June 12, 2019, Beijing time, Microsoft released security patches for the Windows NTLM tampering vulnerability (CVE-2019-1040), which exists in Windows operating systems and allows attackers to bypass the NTLM MIC (Message Integrity Check) protection. (mais…)