Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.

**Microsoft Corp.** today released software updates to fix dozens of security vulnerabilities in its **Windows** operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.

June’s Patch Tuesday features updates to plug at least 70 security holes, and while none of these are reported by Microsoft as exploited in-the-wild yet, Redmond has flagged several in particular as “more likely to be exploited.”

Top of the list on that front is CVE-2023-29357, which is a “critical” bug in **Microsoft SharePoint Server** that can be exploited by an unauthenticated attacker on the same network. This SharePoint flaw earned a CVSS rating of 9.8 (10.0 is the most dangerous).

“An attacker able to gain admin access to an internal SharePoint server could do a lot of harm to an organization,” said **Kevin Breen**, director of cyber threat research at **Immersive Labs**. “Gaining access to sensitive and privileged documents, stealing and deleting documents as part of a ransomware attack or replacing real documents with malicious copies to further infect users in the organization.”

There are at least three other vulnerabilities fixed this month that earned a collective 9.8 CVSS score, and they all concern a widely-deployed component called the **Windows Pragmatic General Multicast** (PGM), which is used for delivering multicast data — such as video streaming or online gaming.

Security firm **Action1** says all three bugs (CVE-2023-32015, CVE-2023-32014, and CVE-2023-29363) can be exploited over the network without requiring any privileges or user interaction, and affected systems include all versions of Windows Server 2008 and later, as well as Windows 10 and later.

It wouldn’t be a proper Patch Tuesday if we also didn’t also have scary security updates for organizations still using **Microsoft Exchange** for email. Breen said this month’s Exchange bugs (CVE-2023-32031 and CVE-2023-28310) closely mirror the vulnerabilities identified as part of ProxyNotShell exploits, where an authenticated user in the network could exploit a vulnerability in the Exchange to gain code execution on the server.

Breen said while Microsoft’s patch notes indicate that an attacker must already have gained access to a vulnerable host in the network, this is typically achieved through social engineering attacks with spear phishing to gain initial access to a host before searching for other internal targets.

“Just because your Exchange server doesn’t have internet-facing authentication doesn’t mean it’s protected,” Breen said, noting that Microsoft says the Exchange flaws are not difficult for attackers to exploit.

For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the **SANS Internet Storm Center**. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

Microsoft Patch Tuesday, June 2023 Edition

Piyanas version 0.1 suffers from a cross site request forgery vulnerability.

    ====================================================================================================================================| # Title     : Piyanas v0.1 User Login Page CSRF Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://www.piyanassystem.com/                                                                                      |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected file : /add_user.php[+] Use Payload : /admin/add_user.php[+]  http://127.0.0.1/piyanassystemcom/piyanasmember/admin/add_user.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Piyanas 0.1 Cross Site Request Forgery

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.

BD communicates with our customers about cybersecurity vulnerabilities to enable healthcare providers to manage potential risks through awareness and guidance.  

This notification provides product security information and recommendations related to a security vulnerability found within specified versions of Alaris™ Infusion Central, **which is not sold in the U.S.**

Alaris™ Infusion Central is a standalone software, separate from the pumps, that allows healthcare providers to monitor infusion data sent from BD Alaris™ Plus and BD Alaris™ neXus pumps on a computer.

As a routine practice, BD has voluntarily shared this vulnerability with the U.S. Food and Drug Administration (FDA), the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and Information Sharing and Analysis Organizations (ISAOs) where BD participates. Read Coordinated Vulnerability Disclosure to learn more about our disclosure process.

This notification applies to the following Alaris™ Infusion Central products:

*   Alaris™ Infusion Central, versions 1.1 to 1.3.2

**Please note: The product listed above is not sold in the U.S. This vulnerability does not impact customers who use BD Alaris™ PCU 8015 or BD Alaris™ Systems Manager.**

*    **CVE-2022-47376** – The Alaris™ Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. 

BD is authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA) by the CVE® Program. As a CNA, BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products, which includes using the Common Weakness Enumeration (CWE™) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity. BD assigned the following CVSS score to this vulnerability:

**CVSS: 7.3 (High)** CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

**Rationale:** A threat actor requires local access to the Alaris™ Infusion Central server which limits the attack surface. A successful attack would require the threat actor to have access to the Windows operating system on the Alaris™ Infusion Central server where the password remains recoverable. Any such attack would have high impact to confidentiality and integrity; and partial impact to availability of data, as obtaining access to the password could result in disclosure and tampering of resident personal data. 

BD assessed this vulnerability for potential patient safety impact and determined that there is a low probability of harm occurring. Alaris™ Infusion Central collects and displays medical device data and has no access to control or configure either the BD Alaris™ Plus or the BD Alaris™ neXus pump configuration or operation. 

BD is directly reaching out to the small group of customers who may be impacted by this vulnerability to initiate remediation. BD is providing this information to increase awareness. Additionally, the installation procedure has been revised to prevent this vulnerability in future installations.

BD recommends the following mitigations and compensating controls to reduce risk associated with this vulnerability:

*   Change passwords periodically per best security practice.
*   Ensure physical access controls are in place and only authorized administrators have access to the Alaris™ Infusion Central server.

For product, or site-specific concerns, contact your BD service representative.

CVE-2022-47376: Alaris™ Infusion Central – Recoverable Password Vulnerability

For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.

Tuesday, June 13, 2023 14:06

Microsoft released its monthly security update Tuesday, disclosing 69 vulnerabilities across its suite of products and software. Five of these vulnerabilities are considered to be critical, 45 of them are listed as being high severity, 17 of them are medium severity and two are of low severity.

For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild. June is also closer to an average month for Microsoft’s security update after only disclosing 40 vulnerabilities last month, which was nearly a three-year low.

Cisco Talos discovered two vulnerabilities in Microsoft Excel that the company patched Tuesday. These are important-severity remote code execution vulnerabilities that are triggered if the targeted user opens an attacker-created file.

Three critical vulnerabilities — CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015 — in the Windows Pragmatic General Multicast (PGM) server environment with a severity score of 9.8 could lead to remote code execution. In a Windows Pragmatic General Multicast (PGM)  server environment where the Windows message queuing service is running, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. Microsoft has advised users to refer to a setting, standard configuration, or general best practice existing in a default state that could reduce the severity of exploitation of this vulnerability.

CVE-2023-29357 is an elevation of privilege vulnerability in Microsoft SharePoint Server that also has a severity score of 9.8. An attacker who successfully exploits this vulnerability could gain administrator-level privileges. They could have access to spoof the JSON Web Token \[JWT\] authentication tokens and use them to execute a network attack that bypasses the authentication and allows them to gain access to the privileges of an authenticated user. The attacker requires no user interaction to exploit this vulnerability. Microsoft has advised that customers should apply all updates offered for the SharePoint Enterprise server. On-premises customers can enable the AMSI feature, which protects them from this vulnerability.

Talos would also like to highlight a few high-severity vulnerabilities that Microsoft considers “more likely” to be exploited.

A high-severity remote code execution vulnerability, CVE-2023-28310, exists in Microsoft Exchange Server. An authenticated attacker on the same intranet as the Exchange Server can achieve remote code execution via a PowerShell remote session.

CVE-2023-29358, an elevation of privilege vulnerability in the Windows graphics device interface (GDI), is a use-after-free vulnerability in the Win32k kernel driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-29361 could also allow an attacker to gain SYSTEM privileges if they exploit a use-after-free issue in the Windows Cloud Files Mini Filter Driver.

Microsoft Exchange server contains a high-severity remote code execution vulnerability, CVE-2023-32031, with a severity score of 8.8. An attacker successfully exploiting this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call.

Another elevation of privilege vulnerability, though only considered "important," CVE-2023-29371, exists in the Windows Win32k kernel driver. An attacker could modify a curve without updating the cCurves values, which leads to an out-of-bounds write in win32kfull when the curves’ edges get processed, ultimately giving them system privileges.

One medium-severity worth noting is CVE-2023-29352, a security feature bypass vulnerability in Windows Remote Desktop. An attacker who successfully exploited this vulnerability could bypass certificate validation during a remote desktop connection by creating a validly signed “.RDP” file to bypass warning prompts when executed.

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date, and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their rule set by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 61907 - 61911, 61915, 61916, 61933  - 61935 and 61937 - 61939. The Snort 3 rules released for these vulnerabilities are 300592, 300593, 300595 and 300600.

Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days

Windows Snipping Tool Information Disclosure Vulnerability

CVE-2023-28303

By Waqas
Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms.
This is a post from HackRead.com Read the original post: UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released

The PoC exploit for MOVEit was released on Friday, June 9th, while OfCom announced the cyber attack on Wednesday, June 12th.

Ofcom, the UK communications regulator, has fallen victim to the widespread Cl0p extortion campaign, which targets a zero-day **vulnerability in MOVEit software**. In an official statement, Ofcom confirmed that although its own systems remained uncompromised, threat actors were able to gain access to information belonging to both regulated companies and Ofcom employees.

It is worth noting that while the Cl0p gang is conducting a widespread campaign targeting organizations exploiting MOVEit vulnerability, security researchers have taken the initiative to **release** a proof-of-concept (PoC) exploit for a specific vulnerability known as CVE-2023-34362.

During the attack, according to **Ofcom’s statement**, a limited amount of information, including confidential data, of certain regulated companies and personal data of 412 Ofcom employees was downloaded by the attackers. Ofcom took immediate action by suspending the use of the compromised MOVEit service and implementing recommended security measures.

Additionally, they promptly notified all affected companies under their regulation and continue to provide support and assistance to their colleagues.

In a comment to Hackread.com, **Chris Hauk**, consumer privacy champion at Pixel Privacy said that “This is just the latest in a recent series of cyberattacks using vulnerabilities in the MOVEit Transfer file transfer application. While short-term we can certainly expect to see more of these attacks, hopefully, there will be a long-term reduction in the attacks, thanks to the patch released by Progress Software a few days ago.”

This incident comes shortly after the Irish health service (HSE) **disclosed** that it had also been impacted by the same data-stealing campaign. The HSE reported that an external partner, EY, working on a recruitment automation project had detected a cyberattack targeting the MOVEit technology they were utilizing.

However, the breach was limited in scope, with only information pertaining to approximately 20 individuals involved in recruitment processes being accessed. The compromised data included names, addresses, mobile numbers, positions on the recruitment panel, and general information about the posts being recruited. Importantly, no personal identification or financial data was compromised.

The Clop ransomware group’s affiliate has been attributed to this campaign, which exploited a zero-day vulnerability (**CVE-2023-34362**) in the popular file transfer software, allowing them to exfiltrate data from numerous global companies.

Following the release of a proof-of-concept exploit last Friday, the risk of copycat attacks has potentially increased. Organizations still operating unpatched, internet-exposed servers are strongly advised to promptly update their systems to mitigate potential vulnerabilities.

RELATED ARTICLES

1.  Researcher release PoC exploit for 0-day in Chrome browser
2.  PoC: IoT Devices Hacked to Install Ransomware on OT Networks
3.  Hackers Publish PoC of 0-day Vulnerability in Windows on Twitter

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.

There may has a temporary file information disclosure vulnerability by use File.createTempFile().  

File file = File.createTempFile(prefix, suffix, mkdir(dir)).getCanonicalFile();

**Preamble**

The system temporary directory is shared between all users on most unix-like systems (not MacOS, or Windows). Thus, code interacting with the system temporary directory must be careful about file interactions in this directory, and must ensure that the correct file permissions are set.

The chain of calls was detected in this repository in a way that leaves this project vulnerable.  
File.createTempFile(..) -> file.delete() -> file.createNewFile().

**Impact**

This vulnerability can have one of two impacts depending upon which vulnerability it is.

1.Temporary Directory Information Disclosure - Information in this directory is visable to other local users, allowing a malicious actor co-resident on the same machine to view potentially sensitive files.  
2.Temporary Directory Hijacking Vulnerability - Same impact as 1. above, but also, ther local users can manipulate/add contents to this directory. If code is being executed out of this temporary directory, it can lead to local priviledge escalation.

**Other Examples**

CVE-2020-15250 - junit-team/junit  
CVE-2021-21364 - swagger-api/swagger-codegen  
CVE-2022-24823 - netty/netty  
CVE-2022-24823 - netty/netty

**The Fix**

The fix has been to convert the logic above to use the following API that was introduced in Java 1.7.  
File tmpDir = Files.createTempFile(prefix, suffix).toFile();  
The API both created the directory securely, ie with a random, non-conflicting name, with directory permissions that only allow the currently executing user to read or write the contents of this directory.

CVE-2023-33695: Temporary File Information Disclosure Vulnerability  · Issue #3103 · dromara/hutool

A novel multi-stage loader called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what's an advanced attack targeting users in Europe, the U.S., and Latin America.
"DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger's loader stages,"

Crimeware / Cryptocurrency

A novel multi-stage loader called **DoubleFinger** has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what's an advanced attack targeting users in Europe, the U.S., and Latin America.

"DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger's loader stages," Kaspersky researcher Sergey Lozhkin said in a Monday report.

The starting point of the attacks is a modified version of espexe.exe – which refers to Microsoft Windows Economical Service Provider application – that's engineered to execute shellcode responsible for retrieving a PNG image file from the image hosting service Imgur.

The image employs steganographic trickery to conceal an encrypted payload that triggers a four-stage compromise chain which eventually culminates in the execution of the GreetingGhoul stealer on the infected host.

A notable aspect of GreetingGhoul is its use of Microsoft Edge WebView2 to create counterfeit overlays on top of legitimate cryptocurrency wallets to siphon credentials entered by unsuspecting users.

DoubleFinger, in addition to dropping GreetingGhoul, has also been spotted delivering Remcos RAT, a commercial trojan that has been widely used by threat actors to strike European and Ukrainian entities in recent months.

The analysis "reveals a high level of sophistication and skill in crimeware development, akin to advanced persistent threats (APTs)," Lozhkin noted.

"The multi-staged, shellcode-style loader with steganographic capabilities, the use of Windows COM interfaces for stealthy execution, and the implementation of process doppelgänging for injection into remote processes all point to well-crafted and complex crimeware."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer

As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server

Tuesday, June 13, 2023 08:06

*   Google’s recent offering of the “.zip” top-level domain (TLD) has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals.
*   As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server.
*   Leaked filenames can be extremely valuable to advanced adversaries who may use this information in a variety of ways, including in lures masquerading as internal company documents and archives for social engineering and infecting targets.

**Top-level domains and file extensions**

As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way of letting an audience know that a domain’s owner is “fast, efficient, and ready to move.” However, the move presents serious concern that domains using the “.zip” filename format could be confused with legitimate filenames, and vice versa, compounding the problem of users recognizing potential phishing attempts.

_Google Domains page_ _for the new “.zip” TLD showing prices to acquire a new domain._

In a very short period of time, the general availability of the “.zip” TLD has led to a suspiciously high volume of domains being registered that resemble a wide variety of internal company filenames. Owning and controlling these domains can benefit attackers by leaking filenames via automatic DNS resolutions or using these domains as launch points for potential exploits and malware artifacts. Cisco’s Umbrella telemetry and open-source research indicate that many of these domains may be used for malicious attacks in the future.

Aggregate data for new domains registered under the TLDs offered by Google since May 3, 2023, shows that “.zip” is the most popular extension by a large margin:

_Domaintools statistics_ _of new domains registered for each new TLD offered by Google since May 3, 2023, show the “.zip” TLD outpacing all others._

The significantly greater popularity of the “.zip” TLD is likely due to the fact that “.zip” is a common file format used in phishing attacks and malware delivery. Security researchers have already highlighted several recently registered “.zip” TLDs with domain names commonly used in phishing attacks:

_A_ _list of domains_ _likely registered by security researchers or possible threat actors, likely with the intention to use as phishing domains._

_Security research group VX-Underground_ _showing an example_ _of a domain that can be used for phishing._

**How URLs based on filenames can leak information**

Talos assesses that domains employing “.zip” and similar TLDs increase the likelihood of sensitive information disclosures through unintended DNS queries or web requests. With the availability of the new “.zip” TLDs, messaging applications like Telegram or internet browsers began reading strings ending in “.zip” as URLs and automatically hyperlinking them. This is especially problematic in chat applications, which sometimes trigger a DNS or web request to show a thumbnail of the linked page. For example, the following chat application changed what was meant to be the name of a file “update\[.\]exe\[.\]zip” to a hyperlink pointing to the URL “https\[://\]update.exe\[.\]zip”:

_Chat application changing a filename to a URL._

In this case, even mentioning a valid filename in a chat could trigger a DNS lookup and leak internal filenames to whoever controls that domain’s DNS server. In other cases, if the user searches for a “.zip” file that doesn’t exist in Windows Explorer, the application will search online for the file and may reach the domain instead.

_Researcher_ _disclosing an issue with Windows Explorer_ _opening “.zip” files as a URL._

In an information leak scenario, a malicious user in control of a “.zip” domain’s DNS server filters requests by the network of the companies they’re targeting and collects internal filenames, providing possible leverage during an actual attack. MITRE even describes some of these activities in the ATT&CK Framework as part of the Reconnaissance Tactics, like T1589 and T1591, which describe techniques to gather information about a target user and the corporation itself.

**Observations in the wild**

When Google announced its offering in early May 2023, Talos began monitoring telemetry data for occurrences of “.zip” usage in URLs. We observed a wealth of filenames being queried against various “.zip” domain names containing all kinds of information. For example, Cisco Umbrella DNS data reveals many filenames that could indicate phishing attempts, like the domain “secure-access-4a907q5xsg5q5354\[.\]fbmsg\[.\]xyz\[.\]zip”, as well as many file names similar to the ones used in malware campaigns (e.g., “report\_<random\_numbers>\[.\]pdf\[.\]zip”).

_Snippet of Cisco Umbrella DNS data showing queries for “.zip” domains in a 24-hour period._

Our data shows occurrences of real filename resolutions containing potentially internal and sensitive information, such as project names, personally identifiable information (PII), geography and order or contract names and numbers – basically anything that can be used in an effective lure by threat actors in a future attack, judging from DNS query data.

Filename

Possible information leaked 

Expressvpn\_windows\_12.49.0.4\_release.\*\*\*.zip

Old versions of applications in use inside the corporate network

Hsbc\_tradinghub\_equity\_orders\_20230511.\*\*\*.zip

Potential business relationships

Sx\_corporateaction\_id000xxxxxxx\_0.\*\*\*.zip

Employee/User ID

Djsb\_labour\_market\_data\_-\_employment\_data\_summary\_sa4\_2018.\*\*\*.zip

Corporate information

fitbitcofceva\_000xxxxxxx\_20230303\_xxxxxxxxxx.\*\*\*.zip

Personal user identification information

Examples of filenames found in DNS query data. Some information has been obfuscated to avoid showing potential identifying information.

**What users can do**

Many cybersecurity professionals currently recommend that companies completely block “.zip” domains at their firewalls. Although this tactic may be currently sufficient since the usage of the “.zip” TLD is not yet widespread, that may not be the case in the future. As more companies begin adopting “.zip” domains, blocking an entire TLD would not be feasible. In any case, SOC operators will need to be aware of the risks of information leaks and phishing attempts using these domains and will have to adapt their tools to monitor for such events.

Umbrella, Cisco's secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs and URLs, whether users are on or off the corporate network. Sign up for a free trial of Umbrella here. Cisco’s Umbrella customers may use wildcards in destination lists to block the “.zip” TLD and open specific domains on a case-by-case situation depending on their users' needs. More information about this can be found in Umbrella documentation.

Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  
The following Snort SIDs are applicable to this threat: **61861 - 61864.**

".Zip" top-level domains draw potential for information leaks

Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.

**使用方法**

下記ボタンから新規会員登録をおこなうことで、無料アカウントを発行できます。  
パソコンからブラウザにアクセスすることで、Chatworkをご利用いただけます。

**動作推奨ブラウザ**

*   Google Chrome
*   Firefox
*   Safari
*   Microsoft Edge（Chromiumベース）

最新バージョンをご使用ください。  
（詳しい動作環境はヘルプページをご覧ください。）

※Internet Explorerは2021/09/22（水）にサポート終了しました。詳しくはヘルプページをご確認ください。

※スマホ・タブレットからご利用したいユーザーは、モバイル版Chatworkアプリをご使用ください。

**Chatworkアプリのご紹介**

**デスクトップ版アプリ（Windows/Mac）**

デスクトップ版アプリでは、一度に複数のChatworkアカウントにログインすることができ、GmailやSkypeなど他社のコミュニケーションサービスも1ヶ所にまとめて利用できます。

*   **Windows**
    
    Windows 10 以上
    
     
*   **Mac**
    
    OS X 10.13 (High Sierra) 以上
    

※macOS 版は Intel プロセッサおよび Apple プロセッサ (Apple M1 チップ) を搭載した Mac をサポートしています。

**Chatworkアプリのご紹介****モバイル版アプリ（iOS/Android）**

モバイル版アプリをインストールすることで、お手持ちのスマホ・タブレットから快適にChatworkを閲覧・操作することができます。

動作保証環境については各アプリストアのページをご参照ください。

 

※ スマートフォン以外の携帯電話（フィーチャーフォン）は、現在対応しておりません。

Tag

#windows