{"vulnerability": "CVE-2024-38014", "sightings": [{"uuid": "fb709b5d-82fb-4999-b008-1e62b350afbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review", "content": "", "creation_timestamp": "2024-09-10T17:25:32.000000Z"}, {"uuid": "51a75ed2-9011-4ce2-a012-5eabc51e39ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "MISP/aaf97b2c-ad16-4ce6-928a-a440112d0fd3", "content": "", "creation_timestamp": "2024-09-16T19:13:31.000000Z"}, {"uuid": "1bd826ae-18cb-4c53-babc-66f90920e478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-09-20T18:10:03.000000Z"}, {"uuid": "4ee6e3fb-6f64-4b7a-bd41-16e6141e4b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:59.000000Z"}, {"uuid": "ae175c35-e31c-403e-b8bd-7f90ed16ccf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38014", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b40317e0-827e-49f6-9d88-4c6df33e8ca4", "content": "", "creation_timestamp": "2026-02-02T12:26:29.473448Z"}, {"uuid": "75188ded-682b-4f6a-bed9-798389fa3429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1368", "content": "", "creation_timestamp": "2024-09-11T04:00:00.000000Z"}, {"uuid": "fe5c6171-adab-4c8d-a588-a0dbc6e5bdc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "https://t.me/itsec_news/4689", "content": "\u200b\u26a1\ufe0f79 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 4 0Day: \u043a\u0430\u043a \u043f\u0440\u043e\u0448\u0435\u043b Patch Tuesday \u0443 Microsoft\n\n\ud83d\udcac Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u0433\u043e Patch Tuesday 2024, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 79 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445 \u2014 4 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445, (\u0432 \u0442.\u0447. 1 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430\u044f) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f (zero-day).\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f 7 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u0412 \u0447\u0438\u0441\u043b\u0435 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c:\n\n30 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n4 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438;\n23 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430;\n11 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438;\n8 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0438\u043f\u0430 \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb;\n3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u0430.\n\n\u0412\u0430\u0436\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u044c\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0442\u0430\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f 4-\u0451\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043e\u0434\u043d\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430\u044f.\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f:\n\nCVE-2024-38014 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows Installer\n\n\u041f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0441 Windows. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e \u043c\u0435\u0442\u043e\u0434\u0430\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f Microsoft \u043f\u043e\u043a\u0430 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430.\n\nCVE-2024-38217 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Mark of the Web (MotW)\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2024 \u0433\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0441 2018 \u0433\u043e\u0434\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0442\u0435\u0445\u043d\u0438\u043a\u0443 LNK Stomping, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c LNK-\u0444\u0430\u0439\u043b\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Smart App Control \u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e\u0442 Mark of the Web (MotW).\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u0445\u043e\u0434\u044f\u0442 \u0437\u0430\u0449\u0438\u0442\u0443 MotW, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u043e\u0442\u0435\u0440\u0435 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0442\u0430\u043a\u0438\u0445 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u0430\u043a SmartScreen Application Reputation \u0438 Windows Attachment Services.\n\nCVE-2024-38226 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft Publisher\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432 \u0432 \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0445. \u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 Office, \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c, \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442\u0441\u044f.\n\nCVE-2024-43491 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0426\u0435\u043d\u0442\u0440\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0442\u0435\u043a\u0435 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u043a\u043e\u0434. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 Windows 10 \u0432\u0435\u0440\u0441\u0438\u0438 1507, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u043e\u0441\u0442\u0438\u0433\u043b\u0430 \u043a\u043e\u043d\u0446\u0430 \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u043e\u0433\u043e \u0446\u0438\u043a\u043b\u0430 \u0432 2017 \u0433\u043e\u0434\u0443, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0434\u043b\u044f Windows 10 Enterprise 2015 LTSB \u0438 Windows 10 IoT Enterprise 2015 LTSB, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0441\u0451 \u0435\u0449\u0451 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0441 Windows 10 1507 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0440\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043d\u043e\u0432\u0430 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c\u0438. \u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0442\u0435\u043a\u0430 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0437\u0430 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c 2024 \u0433\u043e\u0434\u0430 \u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0430\u0445 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 Microsoft. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Windows 11 23H2 KB5043076, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Patch Tuesday \u0437\u0430 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b BleepingComputer \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 Microsoft \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Patch Tuesday.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-11T16:34:35.000000Z"}, {"uuid": "df85bac1-8f32-4889-b815-32bad2bdb684", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/709", "content": "#pentest  #tools\n\nCVE-2024-38014\n\nCVE-2024-38014 \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Windows Installer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f SYSTEM.\n\u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014 7.8 \u0431\u0430\u043b\u043b\u043e\u0432.\n\n\u0412 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0440\u0430\u0437\u0431\u043e\u0440 \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0422\u0430\u043a\u0436\u0435 \u043c\u0435\u0441\u044f\u0446 \u043d\u0430\u0437\u0430\u0434 \u043f\u043e\u044f\u0432\u0438\u043b\u0441\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 ( \u043f\u043e\u043a\u0430 \u0435\u0449\u0451 \u0441\u044b\u0440\u043e\u0432\u0430\u0442\u044b\u0439 ), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0435.", "creation_timestamp": "2024-10-21T05:12:13.000000Z"}, {"uuid": "b71abc37-4c66-4e9a-b9c4-465c5e83ba0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "exploited", "source": "https://t.me/kasperskyb2b/1408", "content": "\ud83d\udd2c \u0421\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043f\u0430\u0442\u0447\u0435\u0439: 3-5 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432 \u0438 79 CVE\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u043e\u0441\u0435\u043d\u043d\u0438\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 Microsoft \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 79 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 7 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445. \u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e CVE (30) \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, RCE \u2014 23, \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u2014 11, DoS \u2014 8, \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u2014 4.\n\n4 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u044b \u043a\u0430\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0432\u0436\u0438\u0432\u0443\u044e, \u043d\u043e \u043f\u0440\u0438 \u0436\u0435\u043b\u0430\u043d\u0438\u0438 \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0442\u0440\u0438 \u0438\u043b\u0438 \u043f\u044f\u0442\u044c \ud83e\udd21. CVE-2024-43491 (RCE, CVSS 9.8) \u044d\u0442\u043e \u00ab\u0441\u0430\u043c\u043e\u0441\u0442\u0440\u0435\u043b\u00bb \u2014 \u0434\u0435\u0444\u0435\u043a\u0442 \u0432 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u043e\u043c Patch Tuesday \u043f\u0440\u0438\u0432\u0451\u043b \u043a \u043e\u0442\u043a\u0430\u0442\u0443 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u043e\u043f\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0441\u043e \u0441\u0442\u0430\u0440\u043e\u0439 \u0441\u0431\u043e\u0440\u043a\u043e\u0439 Windows 10 (\u0432\u0435\u0440\u0441\u0438\u0438 1507, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Windows 10 Enterprise 2015 LTSB \u0438  IoT Enterprise 2015 LTSB). \u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0441\u0430\u043c\u0430 CVE-2024-43491 \u0432\u0440\u043e\u0434\u0435 \u0431\u044b \u043d\u0438\u043a\u0435\u043c \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f, \u043d\u043e \u043e\u043d\u0430 \u0441\u043d\u043e\u0432\u0430 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0442\u0430\u0440\u044b\u0435, \u0440\u0430\u043d\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0431\u0430\u0433\u0438. \u0412 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u043e\u043f\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b Windows, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u043b\u0438\u0441\u044c \u044d\u0442\u043e\u043c\u0443 \u0434\u0430\u0443\u043d\u0433\u0440\u0435\u0439\u0434\u0443, \u0430 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u0432\u0430 \u043f\u0430\u043a\u0435\u0442\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439: KB5043936 \u0438 KB5043083.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0437\u0438\u0440\u043e\u0434\u0435\u0438:\n- CVE-2024-38217 (CVSS 5.4) \u2014 \u044d\u0442\u043e \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u0444\u0438\u043a\u0441 \u0434\u043b\u044f LNK stomping, \u043e\u0431\u0445\u043e\u0434\u0430 MotW. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043d\u0430 \u0418\u0411-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u0436\u0438\u0432\u0443\u044e, \u043f\u0440\u0438\u0447\u0451\u043c \u043c\u043d\u043e\u0433\u043e \u043b\u0435\u0442.\n- CVE-2024-38014 (CVSS 7.8) \u2014 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e system \u0447\u0435\u0440\u0435\u0437 Windows Installer, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u0436\u0438\u0432\u0443\u044e.\n- CVE-2024-38226 (CVSS 7.3) \u2014 \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft Publisher 2016, Microsoft Office LTSC 2021, Office 2019, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442\u044c \u043a \u0437\u0430\u043f\u0443\u0441\u043a\u0443 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432 \u0432 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0430\u0434\u043e \u0443\u0431\u0435\u0434\u0438\u0442\u044c \u0441\u043a\u0430\u0447\u0430\u0442\u044c \u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u044d\u0442\u043e\u0442 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442. \u0427\u0435\u0440\u0435\u0437 \u043f\u0430\u043d\u0435\u043b\u044c \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0430\u0442\u0430\u043a\u0430 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442.\n\n\u0411\u043e\u043d\u0443\u0441-\u0442\u0440\u0435\u043a: Zero Day Initiative \u0441\u0447\u0438\u0442\u0430\u044e\u0442, \u0447\u0442\u043e \u0435\u0449\u0451 \u043e\u0434\u0438\u043d \u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u044b\u0439 \u0434\u0435\u0444\u0435\u043a\u0442 (CVE-2024-43461, CVSS 8.8, spoofing \u0432 MSHTML) \u0442\u043e\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u0436\u0438\u0432\u0443\u044e.\n\n\u0421\u0440\u0435\u0434\u0438 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432\u0436\u0438\u0432\u0443\u044e, \u0442\u0440\u0435\u0432\u043e\u0433\u0443 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u0434\u0432\u0430 \u0431\u0430\u0433\u0430 \u0432 Sharepoint: CVE-2024-38018 (RCE, CVSS 8.8) \u0438 CVE-2024-43464 (RCE, CVSS 7.2) \u2014 \u043e\u0431\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043f\u0435\u0440\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043d\u0438\u0437\u043a\u043e\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c. \u0413\u0440\u043e\u0437\u043d\u043e \u0432\u044b\u0433\u043b\u044f\u0434\u044f\u0449\u0438\u0439 \u0434\u0435\u0444\u0435\u043a\u0442 \u0432 Windows NAT (CVE-2024-38119, RCE, CVSS 7.5), \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0438\u0437 \u0442\u043e\u0439 \u0436\u0435 \u043f\u043e\u0434\u0441\u0435\u0442\u0438, \u0433\u0434\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0436\u0435\u0440\u0442\u0432\u0430, \u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0433\u043e\u043d\u043a\u0443 (race condition).\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 #Microsoft @\u041f2\u0422", "creation_timestamp": "2024-09-11T09:47:58.000000Z"}, {"uuid": "320e1735-b870-4eb9-a5df-4d365f4d734c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "exploited", "source": "Telegram/xUYPQjUp4GMzJzxCxVPxpmX_pz2X3ri3FoNz3_tdQbrrGXw", "content": "", "creation_timestamp": "2024-09-24T18:11:53.000000Z"}, {"uuid": "1fed4f00-fdea-44bf-931c-624ef636e477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/3866", "content": "#tools\n#Blue_Team_Techniques\n1. msiscan - scanning tool for identifying LPE issues in vulnerable MSI installers (CVE-2024-38014)\nhttps://github.com/sec-consult/msiscan\n2. SmugglShild - Basic protection against HTML smuggling attempts\nhttps://github.com/RootUp/SmuggleSheild", "creation_timestamp": "2024-09-19T10:18:53.000000Z"}, {"uuid": "6ca285c3-ff88-4050-8852-48cc8771f967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "exploited", "source": "https://t.me/HackingInsights/13536", "content": "\u200aResearchers Detail CVE-2024-38014 0-Day Vulnerability in Windows MSI Installers Exploited in the Wild\n\nhttps://securityonline.info/researchers-detail-cve-2024-38014-0-day-vulnerability-in-windows-msi-installers-exploited-in-the-wild/", "creation_timestamp": "2024-09-19T13:17:00.000000Z"}, {"uuid": "f65589c5-5758-4f22-8617-b86685b5f6d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "https://t.me/CyberBulletin/618", "content": "\u26a1\ufe0f4 CVE exploited in the wild, on Microsoft's Patch      \n\nCVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability\n    CVE-2024-38014 - 7.8 - Windows Installer Elevation of Privilege Vulnerability\n    CVE-2024-38226 - 7.3 - Microsoft Publisher Security Feature Bypass Vulnerability\n    CVE-2024-38217 - 5.4 - Windows Mark of the Web Security Feature Bypass Vulnerability\n\n#CyberBulletin", "creation_timestamp": "2024-09-11T15:26:05.000000Z"}, {"uuid": "6c9308a7-a881-4c03-804f-be821e752592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/396", "content": "#tools\n#Blue_Team_Techniques\n1. msiscan - scanning tool for identifying LPE issues in vulnerable MSI installers (CVE-2024-38014)\nhttps://github.com/sec-consult/msiscan\n2. SmugglShild - Basic protection against HTML smuggling attempts\nhttps://github.com/RootUp/SmuggleSheild", "creation_timestamp": "2024-09-19T13:11:55.000000Z"}, {"uuid": "c4987902-3042-4816-bf40-85a901bc0c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/935", "content": "#tools\n#Blue_Team_Techniques\n1. msiscan - scanning tool for identifying LPE issues in vulnerable MSI installers (CVE-2024-38014)\nhttps://github.com/sec-consult/msiscan\n2. SmugglShild - Basic protection against HTML smuggling attempts\nhttps://github.com/RootUp/SmuggleSheild", "creation_timestamp": "2024-09-19T10:18:53.000000Z"}, {"uuid": "2e4e4353-fb17-4fd4-9df5-0c9ec116e577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3727", "content": "Tools - Hackers Factory \n\nWrite-up of a malware analysis of an #opendir python code.\n\nOpen Dir -> Obfuscated Python -> DONUT Launcher -> XWorm\n\nhttps://github.com/lasq88/MalwareAnalysis/blob/main/writeups/xworm/xworm.md\n\nWhatsApp-extension-manipulation-PoC\n\nhttps://github.com/0x6rss/WhatsApp-extension-manipulation-PoC/blob/main/wp.py\n\nThe simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools.\n\nHttps://github.com/S3N4T0R-0X0/APT-Attack-Simulation\n\nIvanti EPM AgentPortal RCE Vulnerability\n \nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-29847: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.\n\nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability.\n\nhttps://github.com/sec-consult/msiscan?tab=readme-ov-file\n\nCVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability.\n\nhttps://github.com/fortra/CVE-2024-30051?tab=readme-ov-file\n\nDecrypt GlobalProtect configuration and cookie files.\n \nhttps://github.com/rotarydrone/GlobalUnProtect\n\nSniffnet\n\nApplication to comfortably monitor your Internet traffic\n\nhttps://github.com/GyulyVGC/sniffnet\n\nParse FFUF results in GUI with option to sort based on response code, size, keyword\n\nhttps://github.com/VikzSharma/ffufwebparser\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-16T08:50:19.000000Z"}, {"uuid": "62fbc6df-a396-4874-b32d-a77310ea431a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/887", "content": "Tools - Hackers Factory \n\nWrite-up of a malware analysis of an #opendir python code.\n\nOpen Dir -> Obfuscated Python -> DONUT Launcher -> XWorm\n\nhttps://github.com/lasq88/MalwareAnalysis/blob/main/writeups/xworm/xworm.md\n\nWhatsApp-extension-manipulation-PoC\n\nhttps://github.com/0x6rss/WhatsApp-extension-manipulation-PoC/blob/main/wp.py\n\nThe simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools.\n\nHttps://github.com/S3N4T0R-0X0/APT-Attack-Simulation\n\nIvanti EPM AgentPortal RCE Vulnerability\n \nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-29847: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.\n\nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability.\n\nhttps://github.com/sec-consult/msiscan?tab=readme-ov-file\n\nCVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability.\n\nhttps://github.com/fortra/CVE-2024-30051?tab=readme-ov-file\n\nDecrypt GlobalProtect configuration and cookie files.\n \nhttps://github.com/rotarydrone/GlobalUnProtect\n\nSniffnet\n\nApplication to comfortably monitor your Internet traffic\n\nhttps://github.com/GyulyVGC/sniffnet\n\nParse FFUF results in GUI with option to sort based on response code, size, keyword\n\nhttps://github.com/VikzSharma/ffufwebparser\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-16T08:50:40.000000Z"}, {"uuid": "6f52eb08-721b-4220-a50c-5a03846c2bd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23794", "content": "Tools - Hackers Factory \n\nWrite-up of a malware analysis of an #opendir python code.\n\nOpen Dir -> Obfuscated Python -> DONUT Launcher -> XWorm\n\nhttps://github.com/lasq88/MalwareAnalysis/blob/main/writeups/xworm/xworm.md\n\nWhatsApp-extension-manipulation-PoC\n\nhttps://github.com/0x6rss/WhatsApp-extension-manipulation-PoC/blob/main/wp.py\n\nThe simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools.\n\nHttps://github.com/S3N4T0R-0X0/APT-Attack-Simulation\n\nIvanti EPM AgentPortal RCE Vulnerability\n https://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-29847: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.\n\nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability.\n\nhttps://github.com/sec-consult/msiscan?tab=readme-ov-file\n\nCVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability.\n\nhttps://github.com/fortra/CVE-2024-30051?tab=readme-ov-file\n\nDecrypt GlobalProtect configuration and cookie files.\n https://github.com/rotarydrone/GlobalUnProtect\n\nSniffnet\n\nApplication to comfortably monitor your Internet traffic\n\nhttps://github.com/GyulyVGC/sniffnet\n\nParse FFUF results in GUI with option to sort based on response code, size, keyword\n\nhttps://github.com/VikzSharma/ffufwebparser\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-16T08:41:53.000000Z"}, {"uuid": "3285a5ac-4c37-4c84-abd0-519f49dc588d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "Telegram/nMin041tCAky5Yc3vPV1PqzfXK90u6qblSscFk3GxUjBAFA", "content": "", "creation_timestamp": "2025-03-06T22:00:05.000000Z"}, {"uuid": "f2f6c282-e3bc-4f7d-8a74-1e369fad6d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8752", "content": "Tools - Hackers Factory \n\nWrite-up of a malware analysis of an #opendir python code.\n\nOpen Dir -> Obfuscated Python -> DONUT Launcher -> XWorm\n\nhttps://github.com/lasq88/MalwareAnalysis/blob/main/writeups/xworm/xworm.md\n\nWhatsApp-extension-manipulation-PoC\n\nhttps://github.com/0x6rss/WhatsApp-extension-manipulation-PoC/blob/main/wp.py\n\nThe simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools.\n\nHttps://github.com/S3N4T0R-0X0/APT-Attack-Simulation\n\nIvanti EPM AgentPortal RCE Vulnerability\n https://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-29847: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.\n\nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability.\n\nhttps://github.com/sec-consult/msiscan?tab=readme-ov-file\n\nCVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability.\n\nhttps://github.com/fortra/CVE-2024-30051?tab=readme-ov-file\n\nDecrypt GlobalProtect configuration and cookie files.\n https://github.com/rotarydrone/GlobalUnProtect\n\nSniffnet\n\nApplication to comfortably monitor your Internet traffic\n\nhttps://github.com/GyulyVGC/sniffnet\n\nParse FFUF results in GUI with option to sort based on response code, size, keyword\n\nhttps://github.com/VikzSharma/ffufwebparser\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-16T08:41:47.000000Z"}, {"uuid": "69e1849e-177f-459a-8fca-da07af93bc8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "exploited", "source": "https://t.me/InfoSecInsider/23753", "content": "\u26a1\ufe0f4 CVE exploited in the wild, on Microsoft's Patch      \n\nCVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability\n    CVE-2024-38014 - 7.8 - Windows Installer Elevation of Privilege Vulnerability\n    CVE-2024-38226 - 7.3 - Microsoft Publisher Security Feature Bypass Vulnerability\n    CVE-2024-38217 - 5.4 - Windows Mark of the Web Security Feature Bypass Vulnerability\n\n#CyberBulletin", "creation_timestamp": "2024-09-11T15:26:53.000000Z"}, {"uuid": "63c6189b-d521-4f78-9ecf-8743574201cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7416", "content": "Tools - Hackers Factory \n\nWrite-up of a malware analysis of an #opendir python code.\n\nOpen Dir -> Obfuscated Python -> DONUT Launcher -> XWorm\n\nhttps://github.com/lasq88/MalwareAnalysis/blob/main/writeups/xworm/xworm.md\n\nWhatsApp-extension-manipulation-PoC\n\nhttps://github.com/0x6rss/WhatsApp-extension-manipulation-PoC/blob/main/wp.py\n\nThe simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools.\n\nHttps://github.com/S3N4T0R-0X0/APT-Attack-Simulation\n\nIvanti EPM AgentPortal RCE Vulnerability\n https://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-29847: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.\n\nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability.\n\nhttps://github.com/sec-consult/msiscan?tab=readme-ov-file\n\nCVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability.\n\nhttps://github.com/fortra/CVE-2024-30051?tab=readme-ov-file\n\nDecrypt GlobalProtect configuration and cookie files.\n https://github.com/rotarydrone/GlobalUnProtect\n\nSniffnet\n\nApplication to comfortably monitor your Internet traffic\n\nhttps://github.com/GyulyVGC/sniffnet\n\nParse FFUF results in GUI with option to sort based on response code, size, keyword\n\nhttps://github.com/VikzSharma/ffufwebparser\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-16T08:41:47.000000Z"}, {"uuid": "41db9a72-4507-448d-9f54-a25c042725ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "exploited", "source": "https://t.me/true_secator/6189", "content": "\u041f\u043e\u0434\u043a\u0430\u0442\u0438\u043b \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 PatchTuesday \u043e\u0442 Microsoft \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0434\u043b\u044f 79 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0447\u0435\u0442\u044b\u0440\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0438 \u043e\u0434\u043d\u0443 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0443\u044e 0-day.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043e \u0441\u0435\u043c\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 RCE \u0438 EoP. \u041e\u0431\u0449\u0435\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435: 30 - EoP, 4 - \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 23 - RCE, 11 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 8 - DoS \u0438 3 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433.\n\n\u0421\u0440\u0435\u0434\u0438 \u0447\u0435\u0442\u044b\u0440\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u043d\u0443\u043b\u0435\u0439:\n\n- CVE-2024-38014: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0435 Windows, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 SYSTEM \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Windows.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u041c\u0430\u0439\u043a\u043b\u043e\u043c \u0411\u044d\u0440\u043e\u043c \u0438\u0437 SEC Consult Vulnerability Lab. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0430\u044e\u0442\u0441\u044f.\n\n- CVE-2024-38217: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows Mark of the Web, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430\u044f \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435\u00a0\u0414\u0436\u043e \u0414\u0435\u0441\u0438\u043c\u043e\u043d\u043e\u043c \u0438\u0437 Elastic Security \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0441 2018 \u0433\u043e\u0434\u0430.\n\n\u0420\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043c\u0435\u0442\u043e\u0434 LNK-stomping, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c LNK-\u0444\u0430\u0439\u043b\u0430\u043c \u0441 \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u043f\u0443\u0442\u044f\u043c\u0438 \u0438\u043b\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c\u0438 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0444\u0430\u0439\u043b\u0430, \u043e\u0431\u0445\u043e\u0434\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Smart App Control \u0438 Mark of the Web.\n\n- CVE-2024-38226: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft Publisher, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432 \u0432 Office. Microsoft \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430, \u043a\u0442\u043e \u0438\u043c\u0435\u043d\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438 \u043a\u0430\u043a \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430.\n\n- CVE-2024-43491: RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0426\u0435\u043d\u0442\u0440\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Microsoft Windows. \u041e\u0448\u0438\u0431\u043a\u0430 Servicing Stack \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u043a \u043e\u0442\u043c\u0435\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0432 Windows 10 \u0432\u0435\u0440\u0441\u0438\u0438 1507.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u0430\u043d\u0435\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Windows 10 \u0432\u0435\u0440\u0441\u0438\u0438 1507, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 KB5035858 \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u0435, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0434\u043e \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2024 \u0433\u043e\u0434\u0430. \u0412\u0441\u0435 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0435 \u043d\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0442\u0435\u043a\u0430 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u0443\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0441\u0442\u0435\u043a\u0430 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f (SSU KB5043936) \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows (KB5043083), \u0438\u043c\u0435\u043d\u043d\u043e \u0432 \u0442\u0430\u043a\u043e\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u0435.\n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Windows 10 \u0432\u0435\u0440\u0441\u0438\u0438 1507 (\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430  \u0437\u0430\u0432\u0435\u0440\u0448\u0438\u043b\u0430\u0441\u044c \u0432 2017 \u0433\u043e\u0434\u0443) \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0435\u0434\u0430\u043a\u0446\u0438\u0438 Windows 10 Enterprise 2015 LTSB \u0438 Windows 10 IoT Enterprise 2015 LTSB (\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0441\u0435 \u0435\u0449\u0435 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u043d\u0430 \u0441\u0442\u0430\u0434\u0438\u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438).\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043e\u043d\u0430 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043e\u0442\u043a\u0430\u0442\u0443 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Active Directory Lightweight Directory Services, XPS Viewer, Internet Explorer 11, LPD Print Service, IIS \u0438 Windows Media Player, \u043a \u0438\u0445 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u0432\u0435\u0440\u0441\u0438\u044f\u043c RTM.\n\n\u042d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u043c\u0443 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443 \u0432\u0441\u0435\u0445 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0445 CVE, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438.\n\n\u0411\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0438 \u043f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 - \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2024-09-11T11:21:46.000000Z"}, {"uuid": "ab4c908b-4c31-44b6-857e-73538194f84d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11158", "content": "#tools\n#Blue_Team_Techniques\n1. msiscan - scanning tool for identifying LPE issues in vulnerable MSI installers (CVE-2024-38014)\nhttps://github.com/sec-consult/msiscan\n2. SmugglShild - Basic protection against HTML smuggling attempts\nhttps://github.com/RootUp/SmuggleSheild", "creation_timestamp": "2024-09-19T12:38:48.000000Z"}, {"uuid": "58da2536-10b4-4f79-aca0-c3e50843eba5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "https://t.me/InfoSecInsider/302", "content": "Tools - Hackers Factory \n\nWrite-up of a malware analysis of an #opendir python code.\n\nOpen Dir -> Obfuscated Python -> DONUT Launcher -> XWorm\n\nhttps://github.com/lasq88/MalwareAnalysis/blob/main/writeups/xworm/xworm.md\n\nWhatsApp-extension-manipulation-PoC\n\nhttps://github.com/0x6rss/WhatsApp-extension-manipulation-PoC/blob/main/wp.py\n\nThe simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools.\n\nHttps://github.com/S3N4T0R-0X0/APT-Attack-Simulation\n\nIvanti EPM AgentPortal RCE Vulnerability\n https://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-29847: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.\n\nhttps://github.com/horizon3ai/CVE-2024-29847\n\nCVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability.\n\nhttps://github.com/sec-consult/msiscan?tab=readme-ov-file\n\nCVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability.\n\nhttps://github.com/fortra/CVE-2024-30051?tab=readme-ov-file\n\nDecrypt GlobalProtect configuration and cookie files.\n https://github.com/rotarydrone/GlobalUnProtect\n\nSniffnet\n\nApplication to comfortably monitor your Internet traffic\n\nhttps://github.com/GyulyVGC/sniffnet\n\nParse FFUF results in GUI with option to sort based on response code, size, keyword\n\nhttps://github.com/VikzSharma/ffufwebparser\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-16T08:01:25.000000Z"}, {"uuid": "04df7d85-50ee-4b94-a6b0-8c74b31b9eaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "seen", "source": "https://t.me/InfoSecInsider/266", "content": "\u26a1\ufe0f4 CVE exploited in the wild, on Microsoft's Patch      \n\nCVE-2024-43491 - 9.8 - Microsoft Windows Update Remote Code Execution Vulnerability\n    CVE-2024-38014 - 7.8 - Windows Installer Elevation of Privilege Vulnerability\n    CVE-2024-38226 - 7.3 - Microsoft Publisher Security Feature Bypass Vulnerability\n    CVE-2024-38217 - 5.4 - Windows Mark of the Web Security Feature Bypass Vulnerability\n\n#CyberBulletin", "creation_timestamp": "2024-09-11T15:26:53.000000Z"}, {"uuid": "8b414989-1fca-414f-b2a7-e4632238fa1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38014", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4474", "content": "#tools\n#Blue_Team_Techniques\n1. msiscan - scanning tool for identifying LPE issues in vulnerable MSI installers (CVE-2024-38014)\nhttps://github.com/sec-consult/msiscan\n2. SmugglShild - Basic protection against HTML smuggling attempts\nhttps://github.com/RootUp/SmuggleSheild", "creation_timestamp": "2024-09-19T15:13:51.000000Z"}]}