Tag Archives: AFDsys

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, CommuniGate and who should patch hosts with a deployed application

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, CommuniGate and who should patch hosts with a deployed application. I’m posting the translated video with a big delay, but better late than never. 😉

📹 Video on YouTube and LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:31 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
🔻 01:12 Elevation of Privilege – Windows Storage (CVE-2025-21391)
🔻 01:53 Authentication Bypass – PAN-OS (CVE-2025-0108)
🔻 03:09 Remote Code Execution – CommuniGate Pro (BDU:2025-01331)
🔻 04:27 The VM riddle: who should patch hosts with a deployed application?
🔻 07:11 About the digest of trending vulnerabilities

In Russian

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress. We have branched off from Seclab news videos and started releasing separate episodes. Hooray! 🥳😎 If we get enough views, we will continue to release them in the future. It’s up to you: please follow the link to the video platform and click the “Like” button and/or leave a comment. 🥺

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus): a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:48 Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)
🔻 02:22 Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)
🔻 03:23 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193), Windows Kernel (CVE-2024-38106), Windows Power Dependency Coordinator (CVE-2024-38107)
🔻 04:50 Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

06:39 Check out the final jingle I generated using AI services 😉 (ToolBaz for lyrics and Suno for music)

In Russian

About Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193) and other Windows EoP vulnerabilities from August Patch Tuesday

About Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193) and other Windows EoP vulnerabilities from August Patch Tuesday. In total, in the August MSPT there were 3 EoPs with signs of exploitation in the wild. They have identical descriptions: an attacker can elevate privileges on the host to SYSTEM level. The vulnerability in Windows Kernel is more difficult to exploit, because it is necessary to win a race condition.

Attackers have been named only for the EoP vulnerability in the Windows Ancillary Function Driver (AFD.sys): it is exploited by the well-known group Lazarus. This was reported in a press release from Gen Digital, the company that owns the Avira and Avast antiviruses. To neutralize information security products during an attack, Lazarus attackers use the Fudmodule rootkit. So even if EDR is installed on the host, the host should still be updated. 😏

In Russian