Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this […]

Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs

Patch diffing is a common technique of comparing two binary builds of the same code – a known-vulnerable one and one containing a security fix. It is often used to determine the technical details behind ambiguously-worded bulletins, and to establish the root causes, attack vectors and potential variants of the vulnerabilities in question. The approach […]

Security Apps Fail to Detect Malware Threats Due to Windows Kernel Bug

According to security researchers, there is a decade-old bug in the Windows kernel that can be easily exploited to prevent security apps from identifying malicious programs loaded at runtime. The bug is so old that it dates back to Windows 2000 and is found in all the subsequent Windows OS versions including the most recent […]

Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255

The Windows kernel privilege escalation vulnerability CVE-2016-7255 has received a lot of media attention. On November’s Patch Tuesday, Microsoft released a fix for this vulnerability as part of bulletin MS16-135. CVE-2016-7255 was used to perform a targeted attack and a sample was found in the wild, according to Microsoft. Google and Microsoft have already confirmed […]

Recent Windows Kernel zero-day exploited by hackers behind the DNC hack

The executive vice president of Microsoft’s Windows and Devices group revealed that the recently disclosed Windows Kernel zero-day was used by the Fancy Bear APT. On Oct. 31, the Google Threat Analysis Group publicly disclosed a vulnerability in the Windows kernel that is actively being exploited by threat actors in the wild. The zero-day could be exploited by […]

GOOGLE REVEALS WINDOWS KERNEL ZERO DAY UNDER ATTACK

A Windows zero-day vulnerability is being used in an unknown number of attacks, Google disclosed today, 10 days after it privately reported the issue to Microsoft. Google’s disclosure follows its internal policy, which states that companies should fix or publicly report flaws that are under attack after seven days. Microsoft has yet to issue an advisory—or […]

Google Finds 16 Bugs, 2 Zero-Days, in Windows Kernel Font Handling

The two zero-days were fixed in the summer of 2015. Project Zero researchers revealed this week that they helped Microsoft patch 16 security issues relating to how font processing operations are handled in the Windows kernel, 2 of which were zero-day vulnerabilities at the time they were discovered. Project Zero is an initiative to help improve […]

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates,” Cisco Talos said in an exhaustive two-part report […]

Full Linux Kernel In Windows 10 Now Available Via WSL 2

Microsoft’s recent associations with Linux and other open source software have certainly attracted the attention of developers. Starting with the initial release of the Windows Subsystem for Linux (WSL), which allowed Windows 10 users to run Bash in Ubuntu on Windows 10, Microsoft surprised its Build 2019 audience by announcing that WSL 2 will ensure […]

Windows 10 To Soon Ship With Full Linux Kernel

On Fossbytes, we keep covering different developments that have the power to change the course of open source software evolution and adoption of the Linux operating system. Microsoft’s love affair with Linux is a continuous development that keeps drawing the attention of open source enthusiasts who are skeptical of Redmond’s intentions. If we ignore the […]

Kernel Exploit Demo – Windows 10 privesc via WARBIRD

In my previous post, I showed a number of ways of gaining SYSTEM privileges. The post ended up being a lot more successful than I thought it would, so thanks to everyone who checked it out. In this post I wanted to take a look at something which I touched on previously, and that […]

Revisiting Windows Security Hardening Through Kernel Address Protection

Back in 2011 when Windows 7 Service Pack 1 was king of the hill and I was just starting to learn to program (via Harvard’s epic CS50), j00ru published a whitepaper on various ways to access Windows kernel pointers from User Mode: Windows Security Hardening Through Kernel Address Protection. I decided to revisit the techniques […]

Risk From Linux Kernel Hidden in Windows 10 Exposed at Black Hat

LAS VEGAS–Microsoft’s Windows 10 includes many innovative security features that are intended to help minimize risk and improve user experience. One such feature is Credential Guard, which aims to protect users against attacks. However, according to security firm Bromium, many risks remain. In a video interview with eWEEK ahead of a session on Aug. 4 at […]