home.social

#msrc — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #msrc, aggregated by home.social.

  1. Microsoft fesses up! SharePoint servers hacked. Hundreds of organizations have been breached.

    On July 19, Microsoft Security Response Center (MSRC) published a blog outlining active attacks against on-premises instances of SharePoint servers that exploit CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability.

    Microsoft indicated multiple actors including Chinese nation-state hackers Linen Typhoon and Violet Typhoon are working to exploit these vulnerabilities.

    The US Department of Energy confirmed that the National Nuclear Security Administration, which oversees and maintains US nuclear weapons, was breached.
    microsoft.com/en-us/security/b #Hackers #China #CyberSecurity #Security #SharePoint #Microsoft #MSRC #LinenTyphoon #VioletTyphoon

  2. #Fedihired

    Does anybody happen to work for the #Microsoft #Security #Response #Center #MSRC ?

    I just applied to jobs.careers.microsoft.com/glo and wanted to touch base with someone internally, to prove that I'm a real human and not an AI agent 😂

  3. The final day of #ZeroDayQuest was truly a blast 💥 While I’m still unpacking all that has happened (not to mention a baggage full of swag), I’d like to thank once again #MSRC for their warm welcome and impeccable organization.

    I’m so happy to have been part of an event that has already made history in our industry. Congratulations to all the winners! Cheers, my friends 🥂

  4. Happy to announce that, with 23 valid reports and 660 total case points, I’m 25th worldwide in this year’s #MSRC Most Valuable Researcher (#MVR) leaderboard!

    msrc.microsoft.com/leaderboard

    Stay tuned to the @hnsec blog for a comprehensive writeup. And, who knows, perhaps even a conference talk is brewing…

  5. Reporting issues in Windows. 🤡

    * August 25, 2023: Issue reported to MSRC.
    * April 9, 2024: Fix released as CVE-2024-20693.
    * April 25, 2024: MSRC asks Microsoft Bounty Team for an update, CCing us.
    * April 26, 2024: Microsoft Bounty Team sends back a boilerplate reply that the case is under review.
    * May 17, 2024: MSRC asks Microsoft Bounty Team for an update, CCing us again.
    * May 22, 2024: Microsoft Bounty Team replies that the vulnerability is out of scope for a bounty, claiming it wasn’t reproduced on the right WIP build.

    #Microsoft #MSRC

  6. New Microsoft Security Response Center (MSRC) security advisory for Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability CVE-2024-29991 (5.0 medium). A lot of information is revealed: attack complexity=high, and MSRC says that it would need to be used in an exploit chain for an attack. An attacker must send the user a malicious file and convince them to open it. 🔗 msrc.microsoft.com/update-guid

    #CVE_2024_29991 #MSRC #Microsoft #vulnerability #Chrome

  7. Umm... Microsoft Security Response Center (MSRC) just updated 38 security advisories. Most of them are titled "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", unique CVE IDs (not duplicates in the RSS feed), and appear to be from April 2024 Patch Tuesday. I'm currently assessing what updates were made.

    cc: @campuscodi

    #MSRC #vulnerability #Microsoft #PatchTuesday

  8. Microsoft Security Response Center (MSRC) creates security advisories for the same 3 Chromium vulnerabilities identified in Google Chrome's blog post on Wednesday:

    • CVE-2024-3515 Chromium: CVE-2024-3515 Use after free in Dawn
    • CVE-2024-3516 Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE
    • CVE-2024-3157 Chromium: CVE-2024-3157 Out of bounds write in Compositing

    No additional information provided. No mention of exploitation.

    #Google #Chrome #vulnerability #MSRC #Microsoft #CVE_2024_3515 #CVE_2024_3516 #CVE_2024_3517

  9. Microsoft Security Response Center (MSRC) suspiciously updated four security advisories from this week:

    • CVE-2024-26234 (Proxy Driver Spoofing Vulnerability, 6.7 medium, previously updated to confirm that it was an exploited zero-day): added acknowledgements
    • CVE-2024-29053 (Microsoft Defender for IoT Remote Code Execution Vulnerability, 8.8 high): Added FAQ
    • CVE-2024-29054 (Microsoft Defender for IoT Elevation of Privilege Vulnerability, 7.2 high): Added FAQ
    • CVE-2024-29055 (Microsoft Defender for IoT Elevation of Privilege Vulnerability, 7.2 high): Added FAQ

    Enough information in CVE-2024-29053's FAQ is provided to potentially develop an exploit without relying on patch diffing. 29054 and 29055 are identical FAQs.

    #CVE_2024_26234 #CVE_2024_29053 #CVE_2024_29054 #CVE_2024_29055 #vulnerability #Microsoft #MSRC #PatchTuesday

  14. WILD! Microsoft Security Response Center (MSRC) releases an additional security advisory for a 2 year old vulnerability with a unique CVE ID: Intel: CVE-2022-0001 Branch History Injection (4.7 medium, CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), disclosed 08 March 2022 by Intel). Not publicly disclosed, not exploited, and exploitation less likely. 🔗 msrc.microsoft.com/update-guid

    #Microsoft #MSRC #PatchTuesday #vulnerability #CVE_2022_0001

  15. Microsoft Security Response Center (MSRC) indicated that they will adopt the Common Weakness Enumeration (CWE) industry standard when identifying a root cause of security vulnerabilities in Microsoft products and services. 🔗 msrc.microsoft.com/blog/2024/0

    #CWE #vulnerability #Microsoft #MSRC

  16. Happy Patch Tuesday from Microsoft: 155 vulnerabilities.
    EDIT: 1 vulnerability was updated to say Exploited and Publicly Disclosed: CVE-2024-26234 (6.7 medium) THIS IS AN EXPLOITED ZERO-DAY! See Sophos article for information on a malicious executable signed by a valid Microsoft Hardware Publisher Certificate: news.sophos.com/en-us/2024/04/

    Updated CVE to correct exploit status. This is an informational update only.

    cc: @campuscodi @briankrebs @todb @serghei

    #PatchTuesday #Microsoft #MSRC #Vulnerability #CVE_2024_26234 #eitw #activeexploitation

  21. Am I the only one having problems logging in with a Live account at #MSRC?

    I can use my work account, but with my #Live account I get the error "unauthorized_client: The client does not exist or is not enabled for consumers.".

  22. Microsoft Security Response Center (MSRC) published security advisories that follow the Google Chrome blog post (check original toot above this reply)

    • CVE-2024-3156 Chromium: CVE-2024-3156 Inappropriate implementation in V8
    • CVE-2024-3158 Chromium: CVE-2024-3158 Use after free in Bookmarks
    • CVE-2024-3159 Chromium: CVE-2024-3159 Out of bounds memory access in V8 New
    • CVE-2024-29981 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability New!
    • CVE-2024-29049 (4.1 medium) Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability New!

    The last two are marked Not Exploited, Not Publicly Disclosed, and Exploitation Less Likely.

    #MSRC #Microsoft #Chrome #vulnerability #PatchTuesday

  23. DHS Cyber Safety Review Board (CSRB) absolutely savages Microsoft over the June 2023 Exchange Online breach by Chinese threat actor Storm-0558 and accessing U.S. government emails right before Secretary of State Antony Blinken was to visit China. This 34-page PDF is written in the style of a U.S. Government Accountability Office (GAO) report. 🔗 dhs.gov/news/2024/04/02/cyber-

    Key takeaways (copied verbatim, emphasis mine):

    • "Google's Threat Analysis Group was able to link at least one entity tied to this threat actor to the group responsible for the 2009 compromise of Google and dozens of other private companies in a campaign known as Operation Aurora, as well as the RSA SecurID incident."
    • "However, by the conclusion of this review, Microsoft was still unable to demonstrate to the Board that it knew how Storm-0558 had obtained the 2016 MSA key."
    • "Microsoft acknowledged to the Board in November 2023 that its September 6, 2023 blog post about the root cause was inaccurate, it did not update that post until March 12, 2024, as the Board was concluding its review and only after the Board's repeated questioning about Microsoft's plans to issue a correction;"

    #DHS #CSRB #Microsoft #MSRC #China #cyberespionage #Storm0558

  28. Microsoft Security Response Center (MSRC) published 4 Chromium security advisories (none exploited) that don't contain any additional information beyond what was already disclosed in Google Chrome's blog post:

    #Microsoft #MSRC #Chrome #PatchTuesday

  29. It appears Microsoft messed up again and forgot to publish this back in January 2024's Patch Tuesday:

    "This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates."

    @mwulftange of @codewhitesec publicly disclosed the vulnerability details of "Leaking ObjRefs to Exploit HTTP .NET Remoting" on 27 February 2024: 🔗 code-white.com/blog/leaking-ob

    This concludes the case. No CVE was assigned, nor was there any acknowledgment."

    Well @mwulftange, CVE-2024-29059 was assigned and you were given credit. 👍

    The same Proof of Concept was also provided at GitHub: github.com/codewhitesec/HttpRe

    #CVE_2024_29059 #vulnerability #MSRC #Microsoft

  30. Unexpected Microsoft Security Response Center (MSRC) security advisory: CVE-2024-29059 (7.5 high) .NET Framework Information Disclosure Vulnerability: An attacker who successfully exploited this vulnerability could obtain the ObjRef URI which could lead to Remote Code Execution. 🔗 msrc.microsoft.com/update-guid

    Not exploited, not publicly disclosed, exploitation more likely. Interesting that MSRC made a syntax error which reveals that they use markdown language ** to make their Questions bold.

    #CVE_2024_29059 #vulnerability #MSRC #Microsoft

  31. Microsoft Security Response Center (MSRC) Chromium security advisories are mostly the same as Google's, but include CVE-2024-26247 (4.7 medium) Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (not exploited, not publicly disclosed, exploitation less likely) 🔗 msrc.microsoft.com/update-guid According to the FAQ:

    • The user would have to click on a specially crafted URL to be compromised by the attacker.
    • Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.
    • Edge API is bypassed.
    • An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

    #CVE_2024_26247 #MSRC #vulnerability #Chrome #PatchTuesday

  36. Microsoft Security Response Center (MSRC) security advisory: CVE-2024-29057 (4.3 medium) “The user would have to click on a specially crafted URL to be compromised by the attacker ... An attacker who successfully exploited this vulnerability could to [sic] cover and spoof elements of the UI. The modified information is only visual.” Not exploited, not publicly disclosed, exploitation less likely. 🔗 msrc.microsoft.com/update-guid

    #Microsoft #MSRC #Vulnerability #CVE_2024_29057 #Chrome

  37. Here is the proof of concept for CVE-2024-28916: 🔗 github.com/Wh04m1001/GamingSer

    Exploit for arbitrary folder move in GamingService component of Xbox. GamingService is not default service. If service is installed on system it allows low privilege users to escalate to system.

    During the process of changing directory the Gaming Services service will try to open C:\XboxGames\GameSave\Content\MicrosoftGame.Config file, if the file exists the gaming service will try to move whole C:\XboxGames\GameSave folder. It does that by calling MoveFileW API call while impersonating calling user.

    If gaming service fails to move folder due to access denied error it will revert impersonation and perform the move operation as system. As the C:\XboxGames folder gives modify permissions to authenticated users group (even if it does not the user can change it to directory that is fully controlled by that user) user can delete c:\xboxgames folder, create new one, drop arbitrary dll inside C:\XboxGames\GameSave folder and add deny delete ACL for itself so that move operation fails while impersonating user.

    #CVE_2024_28916 #MSRC #Microsoft #xbox #vulnerability #proofofconcept

  38. Who expected an Xbox Gaming Services Elevation of Privilege Vulnerability to be a Zero Day?! Microsoft Security Response Center (MSRC) published CVE-2024-28916 (8.8 high), marked as Publicly Disclosed. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges." Proof-of-concept exploit code is available. This must have been serious enough to release an update and advisory outside of Patch Tuesday. 🔗 msrc.microsoft.com/update-guid

    cc: @campuscodi

    #CVE_2024_28916 #MSRC #Microsoft #xbox #vulnerability #proofofconcept

  39. I've made #MSRC’s 2023 Q4 Top #Security Researchers Leaderboard!

    It was a pleasure working with @microsoft to improve the security posture of their #Azure ecosystem. Some coordinated disclosure advisories and writeups are coming, so stay tuned on the @hnsec blog.

    msrc.microsoft.com/blog/2024/0

  40. A privilege elevation bug I reported to #msrc just got fixed: msrc.microsoft.com/update-guid

    Will give a few more details once people have enough time to patch, but it allows LPE from any process. #cve202321688 #patchtuesday #vulndev

  41. #MSRC Security Update Guide Improvement – Representing Hotpatch Updates bit.ly/3vrf8Mc