Tag Archives: DoS

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP. Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239127

As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there were only 3 vulnerabilities used in attacks or with a public exploit. And only one of them is more or less relevant.

Continue reading

Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE

Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE. Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239119

As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews.

Microsoft Patch Tuesday for March 2023 was quite refreshing. 😈

Continue reading

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB. Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual.

Alternative video link (for Russia): https://vk.com/video-149273431_456239101

Continue reading

Gitlab OmniAuth Static Passwords and stored XSS

Gitlab OmniAuth Static Passwords and stored XSS. Hello everyone! In this episode, let’s take a look at the latest vulnerabilities in Gitlab. On March 31, the Critical Security Release for GitLab Community Edition (CE) and Enterprise Edition (EE) was released. GitLab recommends that all installations running a version affected by the issues described in the bulletin are upgraded to the latest version as soon as possible.

Alternative video link (for Russia): https://vk.com/video-149273431_456239079

Unfortunately, Gitlab, as well as some other Western companies, is currently hostile to the country where I live and work. So their calls to immediately install updates now have additional connotations. If Gitlab is so clearly politically motivated that even the logo on their site has been recolored in a certain way, then what else can be expected from their updates? Backdoors? Malicious functionality that wipes data? Quite possible. IMHO, when companies are so willing to mix geopolitical messages and business, it exposes them as unreliable vendors that should be avoided.

But let’s get back to vulnerabilities. There are 17 CVEs in the bulletin. We will start with the most critical one.

Continue reading

Vulristics: Microsoft Patch Tuesdays Q1 2021

Vulristics: Microsoft Patch Tuesdays Q1 2021. Hello everyone! It has been 3 months since my last review of Microsoft vulnerabilities for Q4 2020. In this episode I want to review the Microsoft vulnerabilities for the first quarter of 2021. There will be 4 parts: January, February, March and the vulnerabilities that were released between the Patch Tuesdays.

I will be using the reports that I created with my Vulristics tool. This time I’ll try to make the episodes shorter. I will describe only the most critical vulnerabilities. Links to the full reports are at the bottom of the blog post.

Continue reading

Microsoft Patch Tuesday May 2020: comments from VM vendors, promising stuff for phishing, troubles with SharePoint and lulz with Visual Studio

Microsoft Patch Tuesday May 2020: comments from VM vendors, promising stuff for phishing, troubles with SharePoint and lulz with Visual Studio. This will be my third Microsoft Patch Tuesday report in video and audio format. And for the third time in a row, Microsoft has addressed over a hundred vulnerabilities. With my Microsoft Patch Tuesday parser, it was possible to generate a report almost on the same day. But, of course, it takes much more time to describe the vulnerabilities manually.

Microsoft Patch Tuesday May 2020
  • All vulnerabilities: 111
  • Critical: 16
  • Important: 95
  • Moderate: 0
  • Low: 0

Last time I complained that different VM vendors release completely different reports for Microsoft Patch Tuesday. This time I decided that it’s not a bug, but a feature. I upgraded my script to not only show vulnerabilities, but also show how these vulnerabilities were mentioned in the reports of various VM vendors (Tenable, Qualys, Rapid7 and ZDI). In my opinion, it seems pretty useful.

Continue reading

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies. Without a doubt, the hottest Microsoft vulnerability in March 2020 is the “Wormable” Remote Code Execution in SMB v3 CVE-2020-0796. The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue.

Microsoft Patch Tuesday for March 2020: a new record was set, SMBv3  "Wormable" RCE and updates for February goldies

There was a strange story of how it was disclosed. It seems like Microsoft accidentally mentioned it in their blog. Than they somehow found out that the patch for this vulnerability will not be released in the March Patch Tuesday. So, they removed the reference to this vulnerability from the blogpost as quickly as they could.

But some security experts have seen it. And, of course, after EternalBlue and massive cryptolocker attacks in 2017, each RCE in SMB means “OMG, this is happening again, we need to do something really fast!” So, Microsoft just had to publish an advisory for this vulnerability with the workaround ADV200005 and to release an urgent patch KB4551762.

Continue reading