#windows

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges.

The Microsoft Windows Kernel has insufficient validation of new registry key names in transacted NtRenameKey.

The Microsoft Windows Kernel suffers from multiple issues in the prepare/commit phase of a transactional registry key rename.

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity   Vendor: Siemens Equipment: Adaptec maxView Application Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor  2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to decrypt intercepted local traffic between the browser and the application. A local attacker could perform a machine-in-the-middle attack to modify data in transit.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIMATIC IPC1047: All versions   SIMATIC IPC1047E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows  SIMATIC IPC647D: All versions  SIMATIC IPC647E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows  SIMATIC IPC847D: All versions  SIMATIC IPC847E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows  3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF S...

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of researchers recognized this quarter here.

Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.