vulnerability

/Tag: vulnerability

Embedded Video with MS Word Woes

2018-12-04T22:01:08+00:00

November 1, 2018 Embedded Video with MS Word Woes - WST Last week a new Microsoft Word vulnerability was discovered concerning embedded video. This vulnerability allows malicious code to be placed inside of a Word document containing an embedded video link. This malicious code can be executed in the background without prompting the user. This vulnerability appears to affect even the most recent versions of Microsoft Word. This method will likely become very popular with phishing campaigns. Currently no patch exists for this yet to be a CVSS number assigned vulnerability. Current potential mitigation methods would be [...]

Embedded Video with MS Word Woes2018-12-04T22:01:08+00:00

Got ourselves stuck in APCL here – WST

2018-08-30T16:42:45+00:00

August 30, 2018 Got ourselves stuck in APCL here - WST News broke on Twitter at the start of this week that a currently unpatched privilege escalation bug was found in 64-bit versions of the windows 10 and Windows Server 2016 operating systems. The bug itself is a part of the advanced local procedure call (APCL) of task scheduler and allows a malicious user to set a DACL (Discretionary access control list). The change of DACL will allow the user to set the security of a file in the C:\Windows\tasks path. Which means a malicious hard link [...]

Got ourselves stuck in APCL here – WST2018-08-30T16:42:45+00:00

Cisco Smart Install RCE Vulnerability – WST

2018-05-17T18:58:26+00:00

April 12, 2018 Cisco Smart Install RCE Vulnerability - WST Cisco Smart Install RCE VulnerabilityCisco’s Smart Install, while providing IT staffs with a relatively painless way to deploy new network equipment, has seen a recent uptick in attacks.  Vulnerabilities for this service go back to 2011, and all of them include at least a Denial of Service (DoS) component that will at best reboot the device, and at worst, crash it.  Along with the DoS potential, the newest vulnerability contains the potential for remote code execution.  This would allow an attacker to execute arbitrary code on the targeted network device. RecommendationsWhat [...]

Cisco Smart Install RCE Vulnerability – WST2018-05-17T18:58:26+00:00