Tag Archives: Win32k

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

2 Replies

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of October I was a guest lecturer at MIPT/PhysTech university. But first thing first.

Alternative video link (for Russia): https://vk.com/video-149273431_456239138

Back to Positive Technologies

back to Positive Technologies
back to Positive Technologies

On October 3, I joined the Positive Technologies team. There I will work on developing Vulnerability Management practices. I have already worked at PT for 6 years, from June 2009 to October 2015. And now, exactly 8 years later, I’m here again. I feel very pleasant emotions about this and have many plans. 🤩 I am sure that in the PT team I will be able to implement many cool things for the development of Vulnerability Management in Russia and abroad. 🙂

Continue reading

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

1 Reply

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239126

As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews.

It’s been a long time since we’ve had such tiny Patch Tuesday. 57 CVEs, including CVEs appeared during the month. And only 38 without them! 😄

Continue reading

Microsoft Patch Tuesday January 2022

Leave a reply

Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2022. Traditionally, I will use my open source Vulristics tool for analysis. This time I didn’t make any changes to how connectors work. The report generation worked correctly on the first try.

python3.8 vulristics.py --report-type "ms_patch_tuesday" --mspt-year 2022 --mspt-month "January" --rewrite-flag "True"

The only thing I have improved is the detection of types of vulnerabilities and vulnerable products. “Unknown Vulnerability Type” was for two vulnerabilities, so I added the “Elevation Of Privilege” и “Cross-Site Scripting” spelling options. I added detections for 13 products and 19 Windows components. I also corrected the method for sorting vulnerabilities with the same Vulristics score. Previously, such vulnerabilities were sorted by CVE id, now they are sorted by vulnerability type and product. This allows you to see the clusters of similar vulnerabilities.

Continue reading

Vulristics: Microsoft Patch Tuesdays Q2 2021

Leave a reply

Hello everyone! Let’s now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021. April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportunity to try Vulristics in action and find possible problems. It is also interesting to see what VM vendors considered critical back then and what actually became critical. I will try to keep this video short.

First of all, let’s take a look at the vulnerabilities from the April Patch Tuesday. 108 vulnerabilities, 55 of them are RCEs. Half of these RCEs (27) are weird RPC vulnerabilities. “Researcher who reported these bugs certainly found quite the attack surface”. The most critical vulnerability is RCE in Exchange (CVE-2021-28480). This is not ProxyLogon, this is another vulnerability. ProxyLogon was in March. And this vulnerability is simply related to ProxyLogon, so it is believed that it is exploited in the wild as well. In the second place this Win32k Elevation of Privilege (CVE-2021-28310). It is clearly mentioned in several sources as being used in real attacks. “Bugs of this nature are typically combined with other bugs, such as a browser bug or PDF exploit, to take over a system”. And the only vulnerability with a public exploit is the Azure DevOps Server Spoofing (CVE-2021-28459). Previously known as Team Foundation Server (​TFS), Azure DevOps Server is a set of collaborative software development tools. It is hosted on-premises. Therefore, this vulnerability can be useful for attackers.

Continue reading

Vulristics: Microsoft Patch Tuesdays Q1 2021

Leave a reply

Hello everyone! It has been 3 months since my last review of Microsoft vulnerabilities for Q4 2020. In this episode I want to review the Microsoft vulnerabilities for the first quarter of 2021. There will be 4 parts: January, February, March and the vulnerabilities that were released between the Patch Tuesdays.

I will be using the reports that I created with my Vulristics tool. This time I’ll try to make the episodes shorter. I will describe only the most critical vulnerabilities. Links to the full reports are at the bottom of the blog post.

Continue reading