#msrc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #msrc, aggregated by home.social.
-
How a Microsoft 365 Copilot Flaw Turned Diagrams Into Data-Stealing Traps
#CyberSecurity #AI #Microsoft #InfoSec #M365Copilot #Vulnerability #DataBreach #Microsoft365 #AISafety #PromptInjection #DataSecurity #TechNews #MSRC #AIsecurity #EnterpriseIT
-
Microsoft fesses up! SharePoint servers hacked. Hundreds of organizations have been breached.
On July 19, Microsoft Security Response Center (MSRC) published a blog outlining active attacks against on-premises instances of SharePoint servers that exploit CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability.
Microsoft indicated multiple actors including Chinese nation-state hackers Linen Typhoon and Violet Typhoon are working to exploit these vulnerabilities.
The US Department of Energy confirmed that the National Nuclear Security Administration which oversees and maintains US nuclear weapons was breached.
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ #Hackers #China #CyberSecurity #Security #SharePoint #Microsoft #MSRC #LinenTyphoon #VioletTyphoon
-
Does anybody happen to work for the #Microsoft #Security #Response #Center #MSRC ?
I just applied to https://jobs.careers.microsoft.com/global/en/job/1803115 and wanted to touch base with someone internally, to prove that I'm a real human and not an AI agent 😂
-
The final day of #ZeroDayQuest was truly a blast 💥 While I’m still unpacking all that has happened (not to mention a baggage full of swag), I’d like to thank once again #MSRC for their warm welcome and impeccable organization.
I’m so happy to have been part of an event that has already made history in our industry. Congratulations to all the winners! Cheers, my friends 🥂
-
Is #Microsoft #Defender for #Identity part of the #MSRC #Bounty program?
Asking for a friend.
-
Happy to announce that, with 23 valid reports and 660 total case points, I’m 25th worldwide in this year’s #MSRC Most Valuable Researcher (#MVR) leaderboard!
https://msrc.microsoft.com/leaderboard
Stay tuned to the @hnsec blog for a comprehensive writeup. And, who knows, perhaps even a conference talk is brewing…
-
Reporting issues in Windows. 🤡
* August 25, 2023: Issue reported to MSRC.
…
* April 9, 2024: Fix released as CVE-2024-20693.
* April 25, 2024: MSRC asks Microsoft Bounty Team for an update, CCing us.
* April 26, 2024: Microsoft Bounty Team sends back a boilerplate reply that the case is under review.
* May 17, 2024: MSRC asks Microsoft Bounty Team for an update, CCing us again.
* May 22, 2024: Microsoft Bounty Team replies that the vulnerability is out of scope for a bounty, claiming it wasn’t reproduced on the right WIP build.
-
New Microsoft Security Response Center (MSRC) security advisory for Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability CVE-2024-29991 (5.0 medium). A lot of information is revealed: attack complexity=high, and MSRC says that it would need to be used in an exploit chain for an attack. An attacker must send the user a malicious file and convince them to open it. 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29991
-
Umm... Microsoft Security Response Center (MSRC) just updated 38 security advisories. Most of them are titled "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", unique CVE IDs (not duplicates in the RSS feed), and appear to be from April 2024 Patch Tuesday. I'm currently assessing what updates were made.
cc: @campuscodi
-
Microsoft Security Response Center (MSRC) creates security advisories for the same 3 Chromium vulnerabilities identified in Google Chrome's blog post on Wednesday:
- CVE-2024-3515 Chromium: CVE-2024-3515 Use after free in Dawn
- CVE-2024-3516 Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE
- CVE-2024-3157 Chromium: CVE-2024-3157 Out of bounds write in Compositing
No additional information provided. No mention of exploitation.
#Google #Chrome #vulnerability #MSRC #Microsoft #CVE_2024_3515 #CVE_2024_3516 #CVE_2024_3517
-
Microsoft Security Response Center (MSRC) suspiciously updated four security advisories from this week:
- CVE-2024-26234 (Proxy Driver Spoofing Vulnerability, 6.7 medium, previously updated to confirm that it was an exploited zero-day): added acknowledgements
- CVE-2024-29053 (Microsoft Defender for IoT Remote Code Execution Vulnerability, 8.8 high): Added FAQ
- CVE-2024-29054 (Microsoft Defender for IoT Elevation of Privilege Vulnerability, 7.2 high): Added FAQ
- CVE-2024-29055 (Microsoft Defender for IoT Elevation of Privilege Vulnerability, 7.2 high): Added FAQ
Enough information in CVE-2024-29053's FAQ is provided to potentially develop an exploit without relying on patch diffing. 29054 and 29055 are identical FAQs.
#CVE_2024_26234 #CVE_2024_29053 #CVE_2024_29054 #CVE_2024_29055 #vulnerability #Microsoft #MSRC #PatchTuesday
-
WILD! Microsoft Security Response Center (MSRC) releases an additional security advisory for a 2 year old vulnerability with a unique CVE ID: Intel: CVE-2022-0001 Branch History Injection (4.7 medium, CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), disclosed 08 March 2022 by Intel). Not publicly disclosed, not exploited, and exploitation less likely. 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-0001
#Microsoft #MSRC #PatchTuesday #vulnerability #CVE_2022_0001
-
Microsoft Security Response Center (MSRC) indicated that they will adopt the Common Weakness Enumeration (CWE) industry standard when identifying a root cause of security vulnerabilities in Microsoft products and services. 🔗 https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
-
Happy Patch Tuesday from Microsoft: 155 vulnerabilities.
EDIT: 1 vulnerability was updated to say Exploited and Publicly Disclosed: CVE-2024-26234 (6.7 medium) THIS IS AN EXPLOITED ZERO-DAY! See Sophos article for information on a malicious executable signed by a valid Microsoft Hardware Publisher Certificate: https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
Updated CVE to correct exploit status. This is an informational update only.
cc: @campuscodi @briankrebs @todb @serghei
#PatchTuesday #Microsoft #MSRC #Vulnerability #CVE_2024_26234 #eitw #activeexploitation
-
Microsoft Security Response Center (MSRC) published security advisories that follow the Google Chrome blog post (check original toot above this reply)
- CVE-2024-3156 Chromium: CVE-2024-3156 Inappropriate implementation in V8
- CVE-2024-3158 Chromium: CVE-2024-3158 Use after free in Bookmarks
- CVE-2024-3159 Chromium: CVE-2024-3159 Out of bounds memory access in V8 New
- CVE-2024-29981 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability New!
- CVE-2024-29049 (4.1 medium) Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability New!
The last two are marked Not Exploited, Not Publicly Disclosed, and Exploitation Less Likely.
-
DHS Cyber Safety Review Board (CSRB) absolutely savages Microsoft over the June 2023 Exchange Online breach by Chinese threat actor Storm-0558 and accessing U.S. government emails right before Secretary of State Antony Blinken was to visit China. This 34 page PDF is written in the style of a U.S. Government Accountability Office (GAO) report. 🔗 https://www.dhs.gov/news/2024/04/02/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer
Key takeaways (copied verbatim, emphasis mine):
- "Google's Threat Analysis Group was able to link at least one entity tied to this threat actor to the group responsible for the 2009 compromise of Google and dozens of other private companies in a campaign known as Operation Aurora, as well as the RSA SecurID incident."
- "However, by the conclusion of this review, Microsoft was still unable to demonstrate to the Board that it knew how Storm-0558 had obtained the 2016 MSA key."
- "Microsoft acknowledged to the Board in November 2023 that its September 6, 2023 blog post about the root cause was inaccurate, it did not update that post until March 12, 2024, as the Board was concluding its review and only after the Board's repeated questioning about Microsoft's plans to issue a correction;"
#DHS #CSRB #Microsoft #MSRC #China #cyberespionage #Storm0558
-
Microsoft Security Response Center (MSRC) published 4 Chromium security advisories (none exploited) that don't contain any additional information beyond what was already disclosed in Google Chrome's blog post:
- CVE-2024-2883 (critical severity) Use after free in ANGLE
- CVE-2024-2885 (high severity) Use after free in Dawn
- CVE-2024-2886 (high severity) Use after free in WebCodecs
- CVE-2024-2887 (high severity) Type Confusion in WebAssembly
-
It appears Microsoft messed up again and forgot to publish this back in January 2024's Patch Tuesday:
"This CVE was addressed by updates that were released in January 2024, but the CVE was inadvertently omitted from the January 2024 Security Updates."
@mwulftange of @codewhitesec publicly disclosed the vulnerability details of "Leaking ObjRefs to Exploit HTTP .NET Remoting" on 27 February 2024: 🔗 https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
This concludes the case. No CVE was assigned, nor was there any acknowledgment."
well @mwulftange, CVE-2024-29059 was assigned and you were given credit. 👍
The same Proof of Concept was also provided at GitHub: https://github.com/codewhitesec/HttpRemotingObjRefLeak
-
Unexpected Microsoft Security Response Center (MSRC) security advisory: CVE-2024-29059 (7.5 high) .NET Framework Information Disclosure Vulnerability: An attacker who successfully exploited this vulnerability could obtain the ObjRef URI which could lead to Remote Code Execution. 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29059
Not exploited, not publicly disclosed, exploitation more likely. Interesting that MSRC made a syntax error which reveals that they use markdown language ** to make their Questions bold.
-
Microsoft Security Response Center (MSRC) Chromium security advisories are mostly the same as Google's, but include CVE-2024-26247 (4.7 medium) Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. (not exploited, not publicly disclosed, exploitation less likely) 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-26247 According to the FAQ:
- The user would have to click on a specially crafted URL to be compromised by the attacker.
- Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.
- Edge API is bypassed.
- An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
-
Microsoft Security Response Center (MSRC) security advisory: CVE-2024-29057 (4.3 medium) “The user would have to click on a specially crafted URL to be compromised by the attacker ... An attacker who successfully exploited this vulnerability could to [sic] cover and spoof elements of the UI. The modified information is only visual.” Not exploited, not publicly disclosed, exploitation less likely. 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29057
-
Here is the proof of concept for CVE-2024-28916: 🔗 https://github.com/Wh04m1001/GamingServiceEoP
Exploit for arbitrary folder move in the GamingService component of Xbox. GamingService is not a default service. If the service is installed on a system, it allows low-privilege users to escalate to system.
During the process of changing directory, the Gaming Services service will try to open the C:\XboxGames\GameSave\Content\MicrosoftGame.Config file; if the file exists, the gaming service will try to move the whole C:\XboxGames\GameSave folder. It does that by calling the MoveFileW API while impersonating the calling user.
If the gaming service fails to move the folder due to an access denied error, it will revert impersonation and perform the move operation as system. As the C:\XboxGames folder gives modify permissions to the authenticated users group (even if it does not, the user can change it to a directory that is fully controlled by that user), the user can delete the c:\xboxgames folder, create a new one, drop an arbitrary dll inside the C:\XboxGames\GameSave folder and add a deny delete ACL for itself so that the move operation fails while impersonating the user.
#CVE_2024_28916 #MSRC #Microsoft #xbox #vulnerability #proofofconcept
-
Who expected an Xbox Gaming Services Elevation of Privilege Vulnerability to be a Zero Day?! Microsoft Security Response Center (MSRC) published CVE-2024-28916 (8.8 high), marked as Publicly Disclosed. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges." Proof-of-concept exploit code is available. This must have been serious enough to release an update and advisory outside of Patch Tuesday. 🔗 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-28916
cc: @campuscodi
#CVE_2024_28916 #MSRC #Microsoft #xbox #vulnerability #proofofconcept
-
I've made #MSRC’s 2023 Q4 Top #Security Researchers Leaderboard!
It was a pleasure working with @microsoft to improve the security posture of their #Azure ecosystem. Some coordinated disclosure advisories and writeups are coming, so stay tuned on the @hnsec blog.
-
Microsoft suffers a theft of corporate emails by Russian cybercriminals https://blog.elhacker.net/2024/01/microsoft-sufre-un-robo-de-correos-corporativo-nobelium-rusia.html #microsoft #nobelium #rusia #msrc #apt
-
A privilege elevation bug I reported to #msrc just got fixed: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21688
Will give a few more details once people have enough time to patch, but it allows LPE from any process. #cve202321688 #patchtuesday #vulndev
-
#MSRC Security Update Guide Improvement – Representing Hotpatch Updates https://bit.ly/3vrf8Mc