Tag Archives: WebDAV

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress

Leave a reply

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress. We have branched off from Seclab news videos and started releasing separate episodes. Hooray! 🥳😎 If we get enough views, we will continue to release them in the future. It’s up to you, please follow the link to the video platform and click “Like” button and/or leave a comment. 🥺

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:48 Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)
🔻 02:22 Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)
🔻 03:23 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193), Windows Kernel (CVE-2024-38106), Windows Power Dependency Coordinator (CVE-2024-38107)
🔻 04:50 Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

06:39 Check out the final jingle I generated using AI services 😉 (ToolBaz for lyrics and Suno for music)

На русском

Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)

Leave a reply

Security Feature Bypass - Windows Mark of the Web Copy2Pwn (CVE-2024-38213)

Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213). The vulnerability was released as part of the August Microsoft Patch Tuesday (although ZDI writes that MS fixed it earlier, in June).

The vulnerability allows attackers to bypass the SmartScreen security feature, which protects users from running potentially malicious files downloaded from the Internet.

What is it about? There is a set of extensions over HTTP for collaborative work with files – WebDAV.

🔹 The WebDAV share can be accessed via a web browser::

http://10_.37.129.2/example_webdav_folder/somefile

🔹 Or you can do it via Windows Explorer (like SMB):

\\10_.37.129.2@80\example_webdav_folder

When copying from the WebDAV share via Windows Explorer, the Mark-of-the-Web label was not set. 🤷‍♂️ That’s why the name is “Copy2Pwn”. 😏

According to ZDI, the vulnerability has been exploited by the DarkGate malware operator since at least March 2024.

На русском

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

1 Reply

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities. Making the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right?

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

Not really. In fact it is quite boring and annoying. It may be fun to write about vulnerabilities that were already used in some real attacks. But this is a very small part of all vulnerabilities. What about more than a hundred others? They are like “some vulnerability in some component may be used in some attack (or may be not)”. If you describe each of them, no one will read or listen this.

You must choose what to highlight. And when I am reading the reports from Tenable, Qualys and ZDI, I see that they choose very different groups of vulnerabilities, pretty much randomly.

My classification script

That’s why I created a script that takes Patch Tuesday CVE data from microsoft.com and visualizes it giving me helicopter view on what can be interesting there. With nice grouping by vulnerability type and product, with custom icons for vulnerability types, coloring based on severity, etc.

Continue reading