Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical

Microsoft patched 126 vulnerabilities in its January 2022 Patch Tuesday release. Nine of these are rated critical. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in its software including Remote Code Execution (RCE) vulnerabilities, privilege escalation flaws, spoofing bugs, …

Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)

Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is advising users to patch two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in Active Directory domain controllers that it addressed in November. Both flaws are categorized as “Windows Active Directory domain service privilege-escalation” flaws with a CVSS criticality score of 7.5 out of …

Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)

As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a little-known application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure): OMI, the app, is the Linux equivalent of Microsoft’s …

SolarWinds Full System Control Vulnerabilities (CVE-2021-25274, CVE-2021-25275, CVE-2021-25276)

Three critical vulnerabilities were observed in SolarWinds products. All of these severe bugs allow remote code execution with high privileges. At the time this blog was published, there was no active PoC in the wild. CVE-2021-25274 – MSMQ Remote Code Execution: The SolarWinds Collector Service uses MSMQ (Microsoft Message Queue), and it doesn’t set permissions …

Microsoft Windows Netlogon Privilege Escalation Vulnerability (CVE-2020-1472)

A severe bug identified as CVE-2020-1472, with a criticality of 10, is being exploited publicly in the wild. This bug allows a remote, unauthenticated user to take over Windows Servers running as Domain Controllers with domain-level privileges. A Dutch team, collectively known as Secura, has published an exploit on GitHub with a technical write-up. According …

Microsoft Windows Privilege Escalation Vulnerability (CVE-2020-1054)

Overview: In May 2020, Microsoft fixed an out-of-bounds write vulnerability, CVE-2020-1054, found in the DrawIconEx function of a Windows driver file. The bug was reported by Check Point security researchers Yoav Alon and Netanel Ben-Simon. The vulnerability occurs because the Windows kernel-mode driver fails to properly handle objects in memory. This flaw allows local …

Docker Desktop Privilege Escalation Vulnerability (CVE-2020-11492)

Vulnerability Overview: Recently, a vulnerability was discovered in Docker Desktop. This flaw allows a local user to escalate privileges on the system. The vulnerability exists in the Docker Desktop service. Before looking into the vulnerability, it helps to understand a few concepts: Docker Desktop and named pipes. Docker Desktop for Windows provides an environment for building, shipping, and running dockerized …

Cisco AnyConnect Secure Mobility Client on Windows Privilege Escalation Vulnerability (CVE-2020-3153)

Summary: Recently, a critical vulnerability was observed in the wild in Cisco AnyConnect Secure Mobility Client on Windows. It is a privilege escalation vulnerability triggered by manipulation of an unknown input, classified as CWE-427 and impacting the CIA triad. Description: This vulnerability is exploitable only by an authenticated, local attacker. It allows an attacker to …

Parallels Desktop Privilege Escalation And Out-Of-Bounds Vulnerability (CVE-2020-8871)

Overview: In May 2020, Parallels released a security patch to fix the vulnerability CVE-2020-8871. The vulnerability could allow a local user on the guest OS to escalate privileges and execute code on the host. The bug is present in Parallels Desktop for Mac, a product of Parallels. Parallels Desktop for Mac is software providing hardware virtualization for Mac. To …

Symantec Endpoint Protection Privilege Escalation Vulnerability (CVE-2020-5837)

Overview: A privilege escalation vulnerability has been found in Symantec Endpoint Protection (SEP) which allows an attacker to create a file anywhere on the system. Description: Symantec Endpoint Protection creates its scanning log at “C:\Users\%username%\AppData\Local\Symantec\Symantec Endpoint Protection\Logs” with high privileges. It is possible to save scanning logs at a different location using a symbolic link. In Windows, to create a symbolic link …