Home > Uncategorized > Security News #0x85

Security News #0x85

    • There is a new Metasploit module to exploit Adobe Flash player. Currently the module is restricted to only Internet Explorer on Windows 7 running Adobe Flash player The underlying vulnerability is CVE 2015-0138 which is reported to impact Adobe Flash player before and 14.x through 16.x before on Windows and OS X and before on Linux. The post from Project Zero at Google on this issue is well worth reading.
    • There is a new Metasploit module to exploit Adobe Flash player. (Is there an echo here?) This module works on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash, and Here the underlying vulnerability is CVE 2015-0311.
    • Older versions of Windows were vulnerable to an attack that exploited how Windows handles shortcut files; there is an existing and a new Metasploit module to attack the problem; the vulnerability is CVE 2010-2568 and was patched in MS 10-046. Mostly. It turns out that the patch does not quite solve the problem, and there are two new Metasploit modules that are able to exploit the issue, even if MS10-046 is installed on Server 2003 SP2, or if MS14-027 is installed on Server 2008 SP2. (Sigh). The underlying vulnerability is now named CVE 2015-0096 and it was patched in MS15-020.
    • If you want to see how Red Team approached the pacific regional CCDC event this past weekend, take a look at the blog from LockBoxx.
    • Would you like to learn more pivoting using SSH and/or Meterpreter? Take a look at the post from Arr0way.
    • If you are a student looking at different ways to maintain persistence on a Windows system, you might want to take a look at the approach of blakhal0, who uses Windows scheduled tasks.
    • RIP Terry Pratchett.

      +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
      — (Terry Pratchett, Hogfather)

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: