by CIRT Team
PetitPotam: Microsoft Windows Server NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
Description:A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, and machines on a Windows domain.PetitPotam’ that performs an NTLM relay attack that does not rely...
Read More
by CIRT Team
Sequoia: CVE-2021-33909- Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer
Description:fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Impact: Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Mitigation: Updates are available. Please see the references or vendor advisory for...
Read More
by CIRT Team
Windows SeriousSAM vulnerability: CVE-2021-36934 Local Privilege Escalation Vulnerability in Microsoft Windows
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute...
Read More
by CIRT Team
A Vulnerability in SolarWinds Serv-U Could Allow for Remote Code Execution
DESCRIPTION:A vulnerability has been discovered in SolarWinds Serv-U, which couldresult in remote code execution. SolarWinds Serv-U is an FTP serversoftware for secure file transfer. Successful exploitation of thisvulnerability could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis application, an attacker could then install programs; view, change,or delete data; or create new accounts with full user rights....
Read More
by CIRT Team
Multiple Vulnerabilities in Kaseya VSA Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Kaseya VSA that couldallow for arbitrary code execution. Kaseya VSA is a software used byMSPs to remotely manage networks and endpoints. Successful exploitationof these vulnerabilities could result in arbitrary code execution withinthe context of the application, an attacker gaining the same privilegesas the logged-on user, or the bypassing of security restrictions.Depending on the permission associated with the application running...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow forarbitrary code execution. Android is an operating system developed byGoogle for mobile devices, including, but not limited to, smartphones,tablets, and watches. Successful exploitation of the most severe ofthese vulnerabilities could allow for arbitrary code execution withinthe context of a privileged process. Depending on the privilegesassociated with this...
Read More
by CIRT Team
UPDATED – Critical Patches Issued for Microsoft Products, June 8, 2021
DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for arbitrary code execution in thecontext of the logged-on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted than...
Read More
by CIRT Team
Millions of Dell Devices at Risk for Remote BIOS Attacks – CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574
Description:Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS.This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com andgain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process andsubvert the operating system and higher-layer...
Read More
by CIRT Team
PrintNightmare(CVE-2021-34527): Microsoft Releases Out-of-Band Security Updates
Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch is incomplete and the vulnerability can still be locally exploited to gain SYSTEM privileges. The remote code execution bug (tracked as CVE-2021-34527) allows attackers to take over affected servers via remote code execution (RCE) with SYSTEM...
Read More
by CIRT Team
CVE-2021-3560 – Polkit – Local Privilege Escalation
Description:It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to dataconfidentiality and integrity as well as system availability. Impact:The vulnerability enables an unprivileged local...
Read More
