Earlier this week, Microsoft released an emergency patch for a critical PrintNightmare bug recently discovered in Windows Print Spooler (spoolsv.exe), but it was ineffective. Microsoft assigned the bug ID CVE-2021-34527, and also confirmed that the problem allows arbitrary code to be executed remotely with SYSTEM privileges and allows an attacker to install programs, view, modify… Continue reading The official patch for the PrintNightmare vulnerability was ineffective
Tag: Exploit
Microsoft releases unscheduled patch for PrintNightmare vulnerability
Microsoft has prepared an emergency patch for a critical PrintNightmare bug that was recently discovered in Windows Print Spooler (spoolsv.exe). The PrintNightmare issue caused much confusion, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched.… Continue reading Microsoft releases unscheduled patch for PrintNightmare vulnerability
Unofficial patch published for PrintNightmare vulnerability
Last week I talked about a PoC exploit for the dangerous vulnerability CVE-2021-34527 in Windows Print Spooler (spoolsv.exe), which researchers named PrintNightmare, and now an unofficial patch for this problem has been published. When the exploit was published, the researchers found that the patch released in June did not completely fix the problem. Moreover, the… Continue reading Unofficial patch published for PrintNightmare vulnerability
Exploit for dangerous PrintNightmare problem in Windows has been published online
A PoC exploit for the dangerous PrintNightmare vulnerability in Windows Print Spooler (spoolsv.exe) has been published online. This bug has ID CVE-2021-1675 and was patched by Microsoft just a couple of weeks ago, as part of June’s Patch Tuesday. Windows Print Spooler Service is a universal interface between OS, applications, and local or network printers,… Continue reading Exploit for dangerous PrintNightmare problem in Windows has been published online
Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue
As part of June Patch Tuesday, 50 vulnerabilities in Microsoft products were fixed, including six 0-day vulnerabilities in Windows. Vulnerabilities that have been patched were found in Microsoft Office, .NET Core and Visual Studio, Edge browser, Windows Cryptographic Services, SharePoint, Outlook and Excel. Six zero-day vulnerabilities that were already under attack were also addressed, with… Continue reading Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue
GitHub will remove exploits for vulnerabilities under attack
Last week the GitHub management announced that they are making changes to the anti-malware rules and will remove exploits that are under attack. Let me remind you that the revision of the rules is a direct consequence of the scandal that erupted in March 2021. That time, Microsoft, which owns GitHub, reported a series of… Continue reading GitHub will remove exploits for vulnerabilities under attack
GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
The GitHub developers review the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that… Continue reading GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
Fresh vulnerability in Chrome exploited to attack WeChat users in China
The Record reports that the Chinese cybersecurity company Qingteng Cloud Security has detected attacks on WeChat users, in which is used a fresh vulnerability in Chrome. The attackers used an exploit published last week. The attacks were extremely simple: malicious links were sent to Chinese WeChat users (only Windows versions of the application). If the… Continue reading Fresh vulnerability in Chrome exploited to attack WeChat users in China
Google experts published PoC exploit for Specter that is targeting browsers
Google engineers published a PoC exploit to demonstrate the effectiveness of using the Specter vulnerability in browsers to access information in memory. This PoC exploit is reported to work with a wide range of architectures, operating systems, and hardware generations. It proves in practice that the protective mechanisms that developers have added to their browsers… Continue reading Google experts published PoC exploit for Specter that is targeting browsers
GitHub removed ProxyLogon exploit and has been criticized
The administration of the GitHub service has removed a real working exploit for the ProxyLogon vulnerabilities in Microsoft Exchange, though information security specialists have sharply criticized GitHub. Yesterday we wrote that an independent information security researcher from Vietnam published on GitHub the first real PoC exploit for a serious set of ProxyLogon vulnerabilities recently discovered… Continue reading GitHub removed ProxyLogon exploit and has been criticized