Category Archives: Topics

August Microsoft Patch Tuesday

Leave a reply

August Microsoft Patch Tuesday

August Microsoft Patch Tuesday. 130 CVEs, of which 45 were added since July MSPT.

In the TOP suddenly is RCE – OpenSSH “regreSSHion” (CVE-2024-6387), which MS fixed in Azure. 🙂

6 vulnerabilities with signs of exploitation in the wild. 😱 It’s been a long time since we’ve seen so many. I will write about them in separate posts.

🔻 EoP – Windows Kernel (CVE-2024-38106), Windows Ancillary Function Driver for WinSock (CVE-2024-38193), Windows Power Dependency Coordinator (CVE-2024-38107)
🔻 Security Feature Bypass – Windows Mark of the Web (CVE-2024-38213)
🔻 RCE – Microsoft Project (CVE-2024-38189)
🔻 RCE – Scripting Engine (CVE-2024-38178)

Other:

🔸 AuthBypass – Windows Update Stack (CVE-2024-38202) – the vulnerability was recently presented at BlackHat
🔹 Interesting RCEs – Windows TCP/IP (CVE-2024-38063) and LPD (CVE-2024-38199)
🔹 A lot of EoPs in Windows components (~26)

🗒 Full Vulristics report

На русском

Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)

Leave a reply

Remote Code Execution - Windows Remote Desktop Licensing Service MadLicense (CVE-2024-38077)

Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077). The vulnerability was fixed in July Patch Tuesday. An unauthenticated attacker can get RCE by sending messages to RDL. CVSS 9.8. Updates for Win Server from 2008 to 2022.

What is the RDL service? By default, Remote Desktop Services allow only two simultaneous RDP connections to a Windows server. If you need more, you need to purchase additional licenses. These licenses are managed by the RDL service. Often, admins enable RDL on Win servers where it is not needed. 🙄🤷‍♂️

On August 9, a write-up and PoC for Server 2025 were posted on GitHub. So far, it’s only Python pseudo-code without critical parts.

They write that 170,000 hosts with RDL are accessible from the Internet. 🤷‍♂️ And there should be countless of them on intranets.

❗️ Looks like a long-running trending vulnerability story.

Researchers promise us BadLicense and DeadLicense as well. 😉

На русском

What is known about the 0.0.0.0_Day vulnerability?

Leave a reply

What is known about the 0.0.0.0_Day vulnerability?

What is known about the 0.0.0.0_Day vulnerability? The original post was published on August 7 by Oligo Security. Last year, this Israeli company released research about ShellTorch vulnerability. This time, another research on local services accessible from the outside.

When a victim visits a malicious website, this site can interact with web services on the victim’s localhost at 0.0.0.0_ using JS. The trick works with Chromium, Firefox, and Safari on MacOS and Linux. This is not cool, browsers should block requests to localhost.

So, let’s say the site interacts with some services on localhost (if any), so what? Well, if the service is poorly written, then this can very potentially lead to RCE. 🤷‍♂️ For demonstration, the researchers took an exploited in the wild vulnerability in the Ray AI framework (ShadowRay) and attacked the local Ray server through 0.0.0.0_Day. 🤔

So far, it doesn’t look like 0.0.0.0_Day will become a trending vulnerability.

На русском

Qualys announced the TotalAI module for artificial intelligence (AI) and large language models (LLM) security

Leave a reply

Qualys announced the TotalAI module for artificial intelligence (AI) and large language models (LLM) security

Qualys announced the TotalAI module for artificial intelligence (AI) and large language models (LLM) security. The module will be available in Q4 2024 as part of the Enterprise TruRisk platform.

Announced features:

🔹 Detection and monitoring of the AI ​​infrastructure of organizations. To avoid “shadow LLM”.

🔹 Vulnerability Management with a focus on AI threats. Especially on countering theft (extraction) of data and models. They will offer a variety of ways to fix vulnerabilities.

🔹 Specialized LLM scanning focussed on prompt injection, model theft, and disclosure of confidential information.

🔹 Compliance Management and risk management. They emphasize combating data leaks and mention GDPR, PCI, CCPA.

There is a screenshot of the interface with statistics on models and related threats. We can also see statistics on threats related to assets and interesting informers for AI Workloads, AI Software and GPU.

На русском

I also made a meme with the cool Yusuf Dikeç

Leave a reply

I also made a meme with the cool Yusuf Dikeç

I also made a meme with the cool Yusuf Dikeç. 😅

🔹 Every vulnerability existing in the infrastructure must be detected.
🔹 For each detected vulnerability, a patching task must be created.

This is the base. And when they tell you that you don’t have to do this because there is some super-modern vulnerability assessment and prioritization tool, you should be skeptical. 😉

На русском

Regarding the Qualys Patch Management event that took place yesterday

Leave a reply

Regarding the Qualys Patch Management event that took place yesterday

Regarding the Qualys Patch Management event that took place yesterday.

I liked:

✅ Cool report by Eran Livne about Patch Management capabilities in Qualys. 👍 Especially about creating linked patching tasks (first for a test scope, and a week later for a full scope) and about the ability to isolate hosts as a mitigation option (access remains only from the Qualys cloud). The part about new TruRisk Eliminate was also interesting.
✅ Adam Gray beautifully justified the need for mandatory patching (since prevention doesn’t really work 🤷‍♂️).

I didn’t like:

❌ Most speakers focused on other information security topics rather than patch management. I think it would have been possible to select more thematic reports for this event.
❌ I simply can’t accept theses like “you don’t need to patch all vulnerabilities”. 🤷‍♂️ My position: you need to patch everything. And workarounds are good for a while UNTIL a patch is installed.

На русском