
Tag

#microsoft

Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender, but it no longer works because it was mitigated. However, with a simple JavaScript try/catch error statement added and the hex string eval'ed, it executes as of the time of this post.

Packet Storm

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml, but that issue has since been mitigated. However, the researcher discovered that multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short-lived, as the researcher found yet another, third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 JavaScript, but this example leverages the VBScript and ActiveX engines.

Gentoo Linux Security Advisory 202402-23

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

A week in security (February 12 – February 18)

A list of topics we covered in the week of February 12 to February 18, 2024.

How to Not Get Scammed Out of $50,000

Plus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.

New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

By Waqas. The #MonikerLink security flaw in Microsoft Outlook allows hackers to execute arbitrary code on the targeted device. This is a post from HackRead.com.

Ubuntu Security Notice USN-6626-3

Ubuntu Security Notice 6626-3 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling session operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Microsoft Exchange vulnerability actively exploited

One of Microsoft's Patch Tuesday fixes has flipped from "Likely to be Exploited" to "Exploitation Detected".

Why the toothbrush DDoS story fooled us all

There was about a 24-hour period in which many news outlets covered a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.

New TicTacToe Dropper Steals Data, Spreads Multiple Threats on Windows

By Deeba Ahmed. TicTacToe Dropper Obfuscates Code for Maximum Damage. This is a post from HackRead.com.