Category: windows

Auto Added by WPeMatico

New Windows IPv6 Zero-Click Vulnerability

Posted on By infossl
microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, … Read More “New Windows IPv6 Zero-Click Vulnerability” »

New Windows/Linux Firmware Attack

Posted on By infossl
bios, exploits, firmware, linux, Security technology, Uncategorized, vulnerabilities, windows

Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux…. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating … Read More “New Windows/Linux Firmware Attack” »

Hacks at Pwn2Own Vancouver 2023

Posted on By infossl
adobe, cars, hacking, Security technology, Uncategorized, windows, zero-day

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The first to fall was Adobe … Read More “Hacks at Pwn2Own Vancouver 2023” »

Critical Microsoft Code-Execution Vulnerability

Posted on By infossl
microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a … Read More “Critical Microsoft Code-Execution Vulnerability” »

Interesting Privilege Escalation Vulnerability

Posted on By infossl
privilege escalation, Security technology, Uncategorized, vulnerabilities, windows, zero-day

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need … Read More “Interesting Privilege Escalation Vulnerability” »

Chinese Hackers Stole an NSA Windows Exploit in 2014

Posted on By infossl
china, exploits, hacking, microsoft, nsa, Security technology, Uncategorized, windows

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including … Read More “Chinese Hackers Stole an NSA Windows Exploit in 2014” »

Twelve-Year-Old Vulnerability Found in Windows Defender

Posted on By infossl
malware, microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year … Read More “Twelve-Year-Old Vulnerability Found in Windows Defender” »

Attack Against PC Thunderbolt Port

Posted on By infossl
hacking, intel, linux, physicalsecurity, Security technology, vulnerabilities, windows

The attack requires physical access to the computer, but it’s pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer — and even its hard disk encryption — to gain full access to the computer’s data. And while his attack in … Read More “Attack Against PC Thunderbolt Port” »

Critical Windows Vulnerability Discovered by NSA

Posted on By infossl
certificates, cryptography, encryption, exploits, maninthemiddleattacks, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Yesterday’s Microsoft Windows patches included a fix for a critical vulnerability in the system’s crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was … Read More “Critical Windows Vulnerability Discovered by NSA” »