Архив метки: PGM

Традиционный аудио/видео эпизод по итогам июльского Microsoft Patch Tuesday

1 комментарий

Традиционный аудио/видео эпизод по итогам июльского Microsoft Patch Tuesday. В этом месяце получилось и уязвимости разобрать, и доработать Vulristics. 😇 В августе буду в основном всякими образовательными инициативами заниматься. 🤫 Следите за обновлениями. 🙂

------

Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays.

Vulristics improvements
00:11 Works faster
01:31 Microsoft ADVs
02:45 Comments Table

TOP
04:09 Remote Code Execution – Microsoft Office (CVE-2023-36884)
05:06 Security Feature Bypass – Windows SmartScreen (CVE-2023-32049)
05:48 Security Feature Bypass – Microsoft Outlook (CVE-2023-35311)
06:37 Elevation of Privilege – Windows Error Reporting Service (CVE-2023-36874)
07:16 Elevation of Privilege – Windows MSHTML Platform (CVE-2023-32046)

Other RCEs
08:10 Remote Code Execution – Windows Active Directory Certificate Services (AD CS) (CVE-2023-35350)
09:01 Remote Code Execution – Microsoft Message Queuing (CVE-2023-32057, CVE-2023-35309)
09:44 Remote Code Execution – Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)
10:24 Remote Code Execution – Windows Layer-2 Bridge Network Driver (CVE-2023-35315)
10:57 Remote Code Execution – Microsoft SharePoint (CVE-2023-33134, CVE-2023-33157, CVE-2023-33159, CVE-2023-33160)
11:42 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023-35297)

🎞 Video
🎞 Video2 (for Russia)
📘 Blogpost
🗒 Vulristics report

Выпустил эпизод про июньский Microsoft Patch Tuesday

1 комментарий

Выпустил эпизод про июньский Microsoft Patch Tuesday. В целом, совпало с первыми впечатлениями, но добавил спуфинг в OneNote и подсветил уязвимости с "Proof-of-Concept Exploit" в CVSS Temporal. Ну и добавил деталей, как обычно.

———

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. This time there were only 3 vulnerabilities used in attacks or with a public exploit. And only one of them is more or less relevant.

TOP of the Vulristics report
00:38 Memory Corruption – Microsoft Edge (CVE-2023-3079)
01:12 Remote Code Execution – GitHub (CVE-2023-29007)
01:40 Spoofing – Microsoft OneNote (CVE-2023-33140)

02:01 10 vulnerabilities CVSS Temporal Metrics "Proof-of-Concept Exploit"

No exploits or signs of exploitation in the wild
03:10 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)
04:02 Remote Code Execution – Microsoft Exchange (CVE-2023-32031, CVE-2023-28310)
05:27 Elevation of Privilege – Microsoft SharePoint (CVE-2023-29357)

🎞 Video
🎞 Video2 (for Russia)
📘 Blogpost
🗒 Vulristics report

Выпустил эпизод про майский Microsoft Patch Tuesday

1 комментарий

Выпустил эпизод про майский Microsoft Patch Tuesday. Первые впечатления оказались вполне верными. Добавил ещё 4 уязвимости, которые выглядят многообещающе, расширил описание и указал на пару странностей в EPSS.

———

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It's been a long time since we've had such tiny Patch Tuesday. 57 CVEs, including CVEs appeared during the month. And only 38 without them! 😄

Urgent
00:45 Memory Corruption – Microsoft Edge (CVE-2023-2033)

Critical
01:17 Security Feature Bypass – Secure Boot (CVE-2023-24932)
02:55 Memory Corruption – Microsoft Edge (CVE-2023-2136)

High
03:11 Remote Code Execution – Windows OLE (CVE-2023-29325)
04:20 Elevation of Privilege – Windows Win32k (CVE-2023-29336)
05:19 Remote Code Execution – Windows Network File System (CVE-2023-24941)
06:07 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023-24943)
06:58 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2023-28283)
07:31 Remote Code Execution – Microsoft SharePoint (CVE-2023-24955)

🎞 Video
🎞 Video2 (for Russia)
📘 Blogpost
🗒 Vulristics report