EoP – Qualys ThreatPROTECT

Windows Kernel Elevation of Privilege Vulnerability: CVE-2018-8611

Posted by Deepak Shanker on December 12, 2018

An elevation of privilege vulnerability in the Kernel Transaction Manager (KTM) driver . It is exploited via a race condition that occurs when file transaction in the kernel mode are not handled properly. Successful exploitation can lead to remote code execution on the target via browsers. it can be leveraged sandbox escape in browsers. CVE-2018-8611 has been assigned … Continue reading “Windows Kernel Elevation of Privilege Vulnerability: CVE-2018-8611”

Windows Win32k Elevation of Privilege Vulnerability: CVE-2018-8589

Posted by Deepak Shanker on November 14, 2018November 14, 2018

An elevation of privilege vulnerability has been disclosed in the Windows OS. The issue affects Windows 7, Server 2008 (R2) both core and non-core versions. CVE-2018-8589 has been assigned to track this vulnerability. Microsoft has addressed this issue in November 2018 patch release. However a patched target may still crash (BSOD) if the exploit is triggered. For exploiting … Continue reading “Windows Win32k Elevation of Privilege Vulnerability: CVE-2018-8589”

IBM QRadar Authentication Bypass: CVE-2018-1418

Posted by Deepak Shanker on May 29, 2018May 29, 2018

Multiple vulnerabilities in IBM QRadar have been disclosed. Upon successful exploitation an attacker can bypass authentication and achieve remote code execution. CVE-2018-1418 has been assigned to track this vulnerability. IBM Qradar is an SIEM tool used to detect and analyze security anomalies. The issue affects QRadar SIEM 7.3.0 to 7.3.1 Patch 2 and 7.2.0 to 7.2.8 … Continue reading “IBM QRadar Authentication Bypass: CVE-2018-1418”

Win32k Elevation of Privilege : CVE-2018-8120

Posted by Deepak Shanker on May 18, 2018July 10, 2018

A null pointer deference vulnerability in Win32k.sys has been disclosed to Microsoft. CVE-2018-8120 has been assigned to track this vulnerability. The attacker needs to be able to execute a crafted application on the target machine to be able to exploit this vulnerability. Upon successful exploitation the attacker can achieve arbitrary code execution with system level … Continue reading “Win32k Elevation of Privilege : CVE-2018-8120”

Mishandling of Debug Exceptions Leading to Elevation of Privilege : CVE-2018-8897

Posted by Deepak Shanker on May 15, 2018May 15, 2018

An elevation of privilege attack was discovered in the stack change mechanism in Intel and AMD. On exploitation an attacker can execute user level code in kernel context or cause DoS. The vulnerability resulted due to misinterpretation of the documents describing the stack change process. CVE-2018-8897 has been assigned to track this vulnerability. The researchers … Continue reading “Mishandling of Debug Exceptions Leading to Elevation of Privilege : CVE-2018-8897”

[Zero Day] Memory Leak and Buffer Overflow Vulnerability in GNU C Library Dynamic Loader

Posted by Deepak Shanker on December 11, 2017January 30, 2018

Qualys Vulnerability and Malware Research Labs has uncovered vulnerabilities in the Linux operating system specifically in glibc’s ld.so shared object. CVE-2017-1000408 is a Memory Leak vulnerability and CVE-2017-1000409 is a Buffer overflow vulnerability which is not exploitable if /proc/sys/fs/protected_hardlinks is enabled on the machine. The targets are not vulnerable to either of these vulnerabilities if … Continue reading “[Zero Day] Memory Leak and Buffer Overflow Vulnerability in GNU C Library Dynamic Loader”

Stack-Clash Vulnerability

Posted by Deepak Shanker on June 19, 2017December 11, 2017

The security research team at Qualys has discovered multiple vulnerabilities in guard-page implementations in various Linux versions. This bug can be exploited by local users to gain root privileges by compromising memory regions pertaining to other application and shared libraries. Qualys has disclosed these vulnerabilities to vendors and has been working with them for a … Continue reading “Stack-Clash Vulnerability”

CVE-2017-5689: Intel Elevation Of Privilege Vulnerability

Posted by Deepak Shanker on May 9, 2017May 9, 2017

An Elevation of privilege vulnerability in Intel’s Management solutions, was confirmed by Intel who released INTEL-SA-00075 for the same. The vulnerability can allow an unprivileged attacker to take over the management features. This vulnerability is assigned ID CVE-2017-5689, it rated as critical for affected targets. It is important to note that this bug does not affect … Continue reading “CVE-2017-5689: Intel Elevation Of Privilege Vulnerability”

Windows GDI Elevation of Privilege Vulnerability: CVE-2017-0005

Posted by Deepak Shanker on March 29, 2017

An Elevation of Privilege vulnerability in the Windows GDI component was reported to Microsoft by Lockheed Martin Computer Incident Response Team. The vulnerability is assigned Id – CVE-2017-0005 “Windows GDI Elevation of Privilege Vulnerability”. The bug was addressed in MS17-0013 along with other GDI targeted EoP vulnerabilities. According to Microsoft this exploit is used by the … Continue reading “Windows GDI Elevation of Privilege Vulnerability: CVE-2017-0005”

Windows Disk Cloning Vulnerability CVE-2016-7224

Posted by Deepak Shanker on November 22, 2016November 29, 2016

Introduction: Microsoft has released many fixes in the month of November, MS16-138 focuses on the virtual hard disk driver(VHD) vulnerabilities. In article we will be focusing on the CVE-2016-7224, Google Project Zero disclosed this vulnerability to microsoft. The vulnerability also compromises confidentiality as it leaks information. We will first provide some background about virtual disks … Continue reading “Windows Disk Cloning Vulnerability CVE-2016-7224”