Posts tagged Windows

5 min Exploits

Revisiting an Info Leak

Today an interesting tweet [] from Greg Linares [] (who has been posting awesome analysis on twitter lately!) came to our attention, concerning the MS15-080 [] patch: This patch (included in MS15-080) may have been intended stop one of the Window kernel bugs exploited by Hacking Team. But, after our analysis, it appears that there is

3 min Microsoft

Update Tuesday, August 2015

This month's update includes 14 Microsoft security bulletins (52 CVEs), with three being rated as critical. One of these vulnerabilities has already affected MS office (MS15-081) and has been detected as being exploited in the wild. As per the norm, Adobe has also released a high priority Air\Flash security patch (APSB15-19) to address 34 CVEs on multiple affected platforms (IE, Edge, Windows, Macintosh, Android and iOS). Microsoft seems to have implemented a new strategy for Windows 10, as the

9 min Windows

Reducing Windows Attack Surface with User Rights Assignment

As we know, attackers leverage legitimate credentials to move through systems, escalate privileges or get access to data. Managing privileged accounts such as administrator accounts, shared accounts and service accounts is a difficult problem to solve. Even if service account passwords are managed securely, they still remain at risk of being compromised through exploitation of services using them, lack of support for encrypted configuration files on some systems, pass-the-hash attacks, or the

2 min Microsoft

A Closer Look at February 2015's Patch Tuesday

This month's Patch Tuesday covers nine security bulletins from Microsoft, including what seems like a not-very-unusual mix of remote code execution (RCE) vulnerabilities and security feature bypasses. However, two of these bulletins – MS15-011 [] and MS15-014 [] – require a closer look, both because of the severity of the vulnerabilities that they address and the changes Mi

8 min Windows

12 Days of HaXmas: Does it Blend Like a Duck?

This post is the fifth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014._ Writing portable software is not hard. It's just like walking through a minefield! Getting to the other side, that's the tricky part. Sure, if you target C, Unix-like systems and GCC or LLVM, you may not run into too many hassles these days. There are still a few annoying differences between BSDs and Linux, but POSIX a

2 min Windows

Mitigating Service Account Credential Theft

I am excited to announce a new whitepaper, Mitigating Service Account Credential Theft [] on Windows. This paper was a collaboration between myself, Joe Bialek of Microsoft, and Ashwath Murthy of Palo Alto Networks. The executive summary is shown below, Over the last 15 years, the Microsoft Windows ecosystem has expanded with the meteoric rise of the internet, business technology, and computing in gene

3 min Metasploit

Federal Friday - 4.11.14 - Another Quiet Week...

Can you believe how quiet it was this week? Nothing going on, everyday slowly dragging on, the tick, tick tick of the clock getting louder and louder by the second. Reminds me of the late-night drip from your faucet but more annoying because you're stuck at work. Oh wait, totally forgot this was a cybersecurity blog and mistook it for my crochet blog. You, much like us here at R7, were probably pretty busy this week. In that case let me officially say, happy freaking Friday, Federal friends! I'

3 min Microsoft

It's the end of XP as we know it, April Patch Tuesday 2014, and, oh yeah... heartbleed.

So this is it, the last hurrah for the once beloved XP, the last kick at the can for patching up the old boat.  Sure, by today's standards it's a leaky, indefensible, liability, but… hey, do you even remember Windows 98?  Or (*gasp*) ME?  At least we can all finally put IE 6 to rest, once and for all, the final excuse for corporate life-support has been pulled… except for legacy apps built so poorly that they depend on IE 6 and are “too costly” to replace. As everyone should know by now, ther

2 min Metasploit

Federal Friday - 3.21.14 - A Day of Reckoning

Friday at last... Hello federal friends! I'm pleased to announce that the sun is setting here in Boston at 6:58pm tonight and there is major League Baseball being played this weekend. Spring officially happened yesterday which should make those of you in DC put Monday's snow-day out of sight and out of mind. Did my ominous title catch your attention? Don't worry, this is not the end of times, or even the end of days [] for that matter (thank goodness) and mo

3 min Microsoft

Patch Tuesday, Sept 2013

September's Patch Tuesday is live! The 14 bulletins predicted were cut to 13, with the .NET patch landing on the cutting room floor. A patch getting pulled after the advance notice is up usually indicates that late testing revealed an undesired interaction with another product or component. Of the 13 bulletins remaining they are split 7/6 between the MS Office family and Windows OS patches, if we are counting the Internet Explorer patch as part of the OS patching, anti-trust lawsuits notwiths

6 min Metasploit

Abusing Windows Remote Management (WinRM) with Metasploit

Late one night at Derbycon [], Mubix [] and I were discussing various techniques of mass ownage. When Mubix told me about the WinRM service, I wondered: "Why don't we have any Metasploit modules for this yet?" After I got back , I began digging. WinRM/WinRS WinRM is a remote management service for Windows that is installed but not enabled by default in Windows XP and higher versions, but you can install it on older operating systems as well. Win

1 min Microsoft

Microsoft Releases Windows Server Update Services (WSUS) Update

Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2): By hardening the Windows Server Update Services (WSUS), Microsoft is attempting to assure their customers that they can trust the update process. From a security perspective, Flame isn't a mass threat to most organizations; however, this is a way to ensure the integrity of the update process. It is apparent that Microsoft was working on many of these upda

5 min Metasploit

Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering

As of a few days ago [], the Metasploit Framework has full read-only access to offline registry hives. Within Rex you will now find a Rex::Registry namespace that will allow you to load and parse offline NT registry hives (includes Windows 2000 and up), implemented in pure Ruby. This is a great addition to the framework because it allows you to be sneakier and more stealthy while gathering information on a remote computer. You no longer need

2 min Patch Tuesday

January Patch Tuesday Roundup

So I know we all were hoping to see a fix for some of this Windows Graphic Rendering Engine [http://] nastiness...but no go. For now, you'll need to resort to the good ol' FixIt [] option or if you wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly. Either way, if you're running IE, you'll have to patiently wait for the official patch release. So this monthly release was lean-n-mean, Microsoft released (2) bulletins, addressing (3)