Tag Archives: Copy2Pwn

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress. We have branched off from Seclab news videos and started releasing separate episodes. Hooray! 🥳😎 If we get enough views, we will continue to release them in the future. It’s up to you, so please follow the link to the video platform and click the “Like” button and/or leave a comment. 🥺

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus), a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:48 Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)
🔻 02:22 Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)
🔻 03:23 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193), Windows Kernel (CVE-2024-38106), Windows Power Dependency Coordinator (CVE-2024-38107)
🔻 04:50 Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

The English voice-over was generated by my open-source utility subtivo (subtitles to voice-over)

06:39 Check out the final jingle I generated using AI services 😉 (ToolBaz for lyrics and Suno for music)

In Russian

Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)


Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213). The vulnerability was disclosed as part of the August Microsoft Patch Tuesday (although ZDI writes that MS fixed it earlier, in June).

The vulnerability allows attackers to bypass the SmartScreen security feature, which protects users from running potentially malicious files downloaded from the Internet.

What is it about? WebDAV is a set of extensions over HTTP for collaborative work with files.

🔹 A WebDAV share can be accessed via a web browser:

http://10_.37.129.2/example_webdav_folder/somefile

🔹 Or via Windows Explorer, the same way as an SMB share:

\\10_.37.129.2@80\example_webdav_folder

When a file was copied from the WebDAV share via Windows Explorer, the Mark-of-the-Web label was not set on it. 🤷‍♂️ That’s why the name is “Copy2Pwn”. 😏
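A defender-side check for the behaviour described above, added here as an example (it is not code from the post or from ZDI): a PowerShell script that lists files in a folder which carry no Mark-of-the-Web, i.e. no Zone.Identifier alternate data stream, so that files that arrived via a WebDAV share copy can be spotted after the fact and, if desired, re-labelled as Internet-zone. The default folder path, the zone-name table and the function names are assumptions of this example.

```powershell
# Added example, not part of the original post.
# Audits a folder for files that lack the Mark-of-the-Web (the Zone.Identifier ADS).
# Assumption: $Folder is where files copied from a WebDAV share end up; adjust as needed.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"   # assumed location
)

function Get-MotwZone {
    # Returns the ZoneId from the Zone.Identifier stream, or $null if the file has no MotW.
    param([string]$Path)
    try {
        # Zone.Identifier is the NTFS alternate data stream browsers/Explorer write on download.
        $content = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
        foreach ($line in $content) {
            if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
        }
        return $null   # stream exists but carries no ZoneId line
    } catch {
        return $null   # no Zone.Identifier stream at all: no Mark-of-the-Web
    }
}

function Set-MotwInternet {
    # Re-applies an Internet-zone (ZoneId=3) Mark-of-the-Web to a file known to have
    # come from an untrusted source, so SmartScreen treats it as downloaded content.
    param([string]$Path)
    Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value @('[ZoneTransfer]', 'ZoneId=3')
}

# URLMON security zone names (assumed mapping for display purposes)
$zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

$report = Get-ChildItem -LiteralPath $Folder -File -Recurse | ForEach-Object {
    $zone = Get-MotwZone -Path $_.FullName
    [pscustomobject]@{
        File     = $_.FullName
        ZoneId   = $zone
        Zone     = if ($null -ne $zone) { $zoneNames[$zone] } else { 'NONE (no MotW)' }
        Modified = $_.LastWriteTime
    }
}

# Files with no Mark-of-the-Web are the ones SmartScreen will not inspect on launch.
$report | Where-Object { $null -eq $_.ZoneId } | Format-Table -AutoSize
```

Run it as-is to get the list of unlabelled files; call `Set-MotwInternet -Path <file>` on any of them that you know came from a WebDAV or other remote share to restore the SmartScreen prompt on launch. The script only reads stream metadata and never opens or executes the files it reports.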

According to ZDI, the vulnerability has been exploited by the DarkGate malware operator since at least March 2024.

In Russian