CVE-2020-0674
Published: 2020-02-11
Priority: P1 (85, high) · CVSS 3.1 base score 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CISA Known Exploited Vulnerability (remediation due 2022-05-03) · Exploited in the wild
EPSS: 86.86% (99.7th percentile)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Affected
29 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | chakracore | < 1.11.16 | 1.11.16 |
| microsoft | chakracore | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1709_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1709_for_arm64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1709_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1803_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1803_for_arm64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1803_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1809_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1809_for_arm64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1809_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | microsoft_edge_on_windows_server_2016 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-0674 is exploited via a maliciously crafted website visited through Internet Explorer; monitor for IE process spawning unexpected child processes or network connections following web browsing activity.
- Delivery vectors include phishing emails with embedded links, compromised legitimate websites/forums, or malicious Office documents, PDFs, or HTML files that execute scripts on open; monitor for IE launching from these file types.
- CVE-2020-0674 was exploited as part of the Operation Earth Kitsune watering hole campaign alongside CVE-2019-5782 and CVE-2019-1458 to drop the agfSpy backdoor; correlate with agfSpy/dneSpy indicators from that campaign.
- CVE-2020-0674 was associated with exploit kits, ransomware, phishing attacks, and RATs in 2020; treat detections of this CVE in web traffic as high-priority weaponized exploitation.
- The vulnerability resides in Internet Explorer's legacy JavaScript engine (JScript.dll); restrict or monitor access to JScript.dll as a mitigation/detection control.
- Microsoft's out-of-band advisory ADV200001 was the initial disclosure vehicle; use this advisory reference to track vendor guidance and patch status.
- The Internet Explorer Enhanced Security Configuration (enabled by default on Windows Server editions) reduces but does not fully prevent exploitation; do not rely on it as a complete control.
- Exploitation grants only the privileges of the current user; impact is highest when the victim is running as an administrator.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |
| vendor_msrc | — | 6.4 | MEDIUM | — |
OSV
ChakraCore RCE Vulnerability
osv·2022-05-24·CVSS 7.5
CVE-2020-0711 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-24·CVSS 7.5
CVE-2020-0713 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-24·CVSS 7.5
CVE-2020-0712 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-24·CVSS 7.5
CVE-2020-0713 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-24·CVSS 7.5
CVE-2020-0710 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
GHSA
GHSA-jrwq-v3xx-j8gc: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-0673 [HIGH] CWE-119 GHSA-jrwq-v3xx-j8gc: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-24·CVSS 7.5
CVE-2020-0710 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-24·CVSS 7.5
CVE-2020-0712 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767.
GHSA
GHSA-35jh-2r79-5r66: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-0674 [HIGH] CWE-119 GHSA-35jh-2r79-5r66: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-24·CVSS 7.5
CVE-2020-0767 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-24·CVSS 7.5
CVE-2020-0711 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-24·CVSS 7.5
CVE-2020-0767 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713.
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
project_zero·2020-07-01
CVE-2016-5195 Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
Posted by Maddie Stone, Project Zero
In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. In conjunction with this blog post, we are also publishing another blog post today about our root cause analysis work that informed the conclusions in this Year in Review. We are also releasing 8 root cause analyses that we have done for in-the-wild 0-days from 2019.
When I had the idea for this “Year in Review” blog post, I immedi
VulnCheck
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
vulncheck·2020·CVSS 7.5
CVE-2020-0674 [HIGH] CWE-416 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2020-Feb; https://blogs.360.cn/post/apt-c-06_0day.html; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.proofpoint.com/us/blog/threat-insight/purple-fox-ek-adds-exploits-cve-2020-0674-and-cve-2019-1458-its-arsenal; https://www.sentinelone.com/labs/purple-fox-ek-new-cves-s
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-1458 [HIGH] Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP'.
Affected: Microsoft Win32k
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2019-Dec; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/; https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/; https://www.proofpoint.com/us/blog/threat-insight/purple-fox-ek-adds-exploits-cve-2020-0674-and-cve-2019-1458-it
Project0
Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript
project_zero·CVSS 7.5
CVE-2020-0674 [HIGH] Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript
# CVE-2020-0674: Internet Explorer use-after-free in JScript
*Maddie Stone, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 11 February 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
**Affected Versions:** For Windows 10 1903/1909, [KB4528760](https://support.microsoft.com/en-us/help/4528760) and previous
**First Patched Version:** For Windows 10 1903/1909, [KB4532693](https://support.microsoft.com/en-us/help/4532693/windows-10-update-kb4532693)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Yi Huang([@C0rk1_H](https://twitter.com/C0
Project0
Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
project_zero·CVSS 7.8
CVE-2020-1380 [HIGH] Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
# CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
*Maddie Stone & Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-24)*
## The Basics
**Disclosure or Patch Date:** 11 August 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
**Affected Versions:** For Windows 10 2004, [KB4565503](https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503) and previous
**First Patched Version:** For Windows 10 2004, [KB4566782](https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Boris Larin (
Project0
Project Zero RCA: CVE-2019-1367: Internet Explorer JScript use-after-free
project_zero·CVSS 7.5
CVE-2019-1367 [HIGH] Project Zero RCA: CVE-2019-1367: Internet Explorer JScript use-after-free
# CVE-2019-1367: Internet Explorer JScript use-after-free
*Maddie Stone & Ivan Fratric, Project Zero & Clément Lecigne, Google's Threat Analysis Group (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-07-27)*
## The Basics
**Disclosure or Patch Date:** 23 September 2019
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
**Affected Versions:** For Windows 10 1903, [KB4515384](https://support.microsoft.com/en-us/help/4515384) and previous
**First Patched Version:** For Windows 10 1903, [KB4524147](https://support.microsoft.com/en-us/help/4524147/windows-10-update-kb4524147)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Repo
Project0
Project Zero RCA: CVE-2019-17026: Firefox Type Confusion in IonMonkey
project_zero·CVSS 8.8
CVE-2019-17026 [HIGH] Project Zero RCA: CVE-2019-17026: Firefox Type Confusion in IonMonkey
# CVE-2019-17026: Firefox Type Confusion in IonMonkey
*Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 8 January 2020
**Product:** Mozilla Firefox
**Advisory:** https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
**Affected Versions:**
**First Patched Version:** Firefox 72.0.1 and Firefox ESR 68.4.1
**Issue/Bug Report:** https://bugzilla.mozilla.org/show_bug.cgi?id=1607443
**Patch CL:** https://hg.mozilla.org/mozilla-central/rev/d6e40de88f3defdc12ef27e64ca73e120b1f10e2
**Bug-Introducing CL:**
* Adding StoreElementHole: https://hg.mozilla.org/mozilla-central/rev/550a780f73aeb23ea958cab93de141376aa12f3a
* Adding FallibleStoreElement: https://hg.
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2020-0674 [HIGH] CWE-416 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-0674
Remediation Due Date: 2022-05-03
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2020-02-11·CVSS 6.4
CVE-2020-0674 [HIGH] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted websi
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
exploitdb·2021-05-13·CVSS 7.5
CVE-2020-0674 [HIGH] Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
---
# Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free
# Date: 2021-05-04
# Exploit Author: deadlock (Forrest Orr)
# Vendor Homepage: https://www.microsoft.com/
# Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx
# Versions: IE 8-11 (64-bit) as well as the WPAD service (64-bit) on Windows 7 and 8.1 x64
# Tested on: Windows 7 x64, Windows 8.1 x64
# CVE: CVE-2020-0674
# Bypasses: DEP, ASLR, CFG
# Original (IE-only/Windows 7-only) exploit credits: maxpl0it
# Full explain chain writeup: https://github.com/forrest-orr/DoubleStar
Exploit-DB
Firefox 72 IonMonkey - JIT Type Confusion
exploitdb·2021-05-13·CVSS 8.8
CVE-2019-17026 [HIGH] Firefox 72 IonMonkey - JIT Type Confusion
Firefox 72 IonMonkey - JIT Type Confusion
---
# Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion
# Date: 2021-05-10
# Exploit Author: deadlock (Forrest Orr)
# Vendor Homepage: https://www.mozilla.org/en-US/
# Software Link: https://www.mozilla.org/en-US/firefox/new/
# Versions: Firefox
Windows 8.1 IE/Firefox RCE -> Sandbox Escape -> SYSTEM EoP Exploit Chain
[Diagram: Remote PAC served over HTTPS to firefox.exe; RPC/ALPC to svchost.exe (WPAD sandbox escape, egg hunter shellcode); RPC/ALPC to spoolsv.exe]
Exploit-DB
Microsoft Internet Explorer 11 32-bit - Use-After-Free
exploitdb·2021-02-08·CVSS 7.5
CVE-2020-0674 [HIGH] Microsoft Internet Explorer 11 32-bit - Use-After-Free
Microsoft Internet Explorer 11 32-bit - Use-After-Free
---
# Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free
# Date: 2021-02-05
# Exploit Author: deadlock (Forrest Orr)
# Vendor Homepage: https://www.microsoft.com/
# Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx
# Version: IE 8, 9, 10, and 11
# Tested on: Windows 7 x64 and Windows 7 x86
# CVE: CVE-2020-0674
# Bypasses: DEP, ASLR, EMET 5.5 (EAF, EAF+, stack pivot protection, SimExec, CallerCheck)
# Original (64-bit) exploit credits: maxpl0it
Overview
This is a 32-bit re-creation of CVE-2
Exploit-DB
Microsoft Internet Explorer 11 - Use-After-Free
exploitdb·2020-11-17·CVSS 7.5
CVE-2020-0674 [HIGH] Microsoft Internet Explorer 11 - Use-After-Free
Microsoft Internet Explorer 11 - Use-After-Free
---
# Exploit Title: Microsoft Internet Explorer 11 - Use-After-Free
# Date: 2020-05-07
# Exploit Author: maxpl0it
# Vendor Homepage: https://www.microsoft.com/
# Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx
# Version: IE 8, 9, 10, and 11
# Tested on: Windows 7 (x64)
# CVE : CVE-2020-0674
// -------------------------------------------------------------------------------------------------
//
// Credits:
// maxpl0it (@maxpl0it) - Writing the exploit
// Qihoo 360 - Identifying the vulnerability in the wild
//
//
// Vulnerability: Use-After-Free when Array.sort() is called with a comparator function. The two
// arguments are untracked by the garbage collector.
//
// Exploit Description: This exploit was wr
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Tenable
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
blogs_tenable·2021-01-21
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
Trendmicro
Operation Earth Kitsune A Dance of Two New Backdoors
blogs_trendmicro·2020-10-28
Operation Earth Kitsune A Dance of Two New Backdoors
Cyber Threats
# Operation Earth Kitsune: A Dance of Two New Backdoors
We uncovered two new espionage backdoors associated with Operation Earth Kitsune: agfSpy and dneSpy. This post provides details about these malware types, including the relationship between them and their command and control (C&C) servers
By: William Gamazo Sanchez, Aliakbar Zahravi, Elliot Cao, Cedric Pernet, Daniel Lunghi, Jaromir Horejsi, Joseph C Chen, John Zhang
2020/10/28
We recently published a research paper on Operation Earth Kitsune, a watering hole campaign aiming to steal information by compromising websites. Besides its heavy use of SLUB malware, we also uncovered two new espionage backdoors associated with the campaign: agfSpy and dneSpy, dubbed as such following the
Sentinelone
Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow - SentinelLabs
blogs_sentinelone·2020-10-19·CVSS 7.8
CVE-2020-1054 [HIGH] Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow - SentinelLabs
## Executive Summary
- In recent weeks, we have seen a spike in the number of attempts to attack vulnerable versions of Internet Explorer by actors leveraging the Purple Fox exploit kit.
- Our investigations reveal that Purple Fox has iterated to include use of two recent CVEs – CVE-2020-1054 and CVE-2019-0808 – through publicly-available exploit code.
- In addition, we’ve noticed other changes to their attack flow that allow them to better circumvent firewall protections and some detection tools by adopting steganography and obscuring malicious code with code virtualization technologies.
During the last couple of years, Purple Fox has advanced its attack and delivery methods. First observed in September 2018, subsequent researchers noted that in 2019 Purple Fox dropped use of NSIS (Null
Securelist
IT threat evolution Q2 2020
blogs_securelist·2020-09-03
IT threat evolution Q2 2020
Table of Contents
Targeted attacks
PhantomLance: hiding in plain sight
Naikon’s Aria
COMpfun authors spoof visa application with HTTP status-based Trojan
Mind the [air] gap
Looking at big threats using code similarity
SixLittleMonkeys
Other malware
Loncom packer: from backdoors to Cobalt Strike
xHelper: the Trojan matryoshka
Spike in RDP brute-force attacks
Gaming during the COVID-19 pandemic
Rovnix bootkit back in business
Web skimming with Google Analytics
The Magnitude Exploit Kit
Authors
David Emm
IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. Mobile statistics
## Targeted attacks
## PhantomLance: hiding in plain sight
In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The cam
Securelist
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
blogs_securelist·2020-08-12·CVSS 7.5
[HIGH] Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Authors
- Boris Larin
## Executive summary
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11 and Windows 10 build 18363 x64.
On June 8, 2020, we reported our discoveries to Microsoft, and the company confirmed the vulnerabilities. At the time of our report, the security team at Mi
Securelist
Magnitude exploit kit – evolution
blogs_securelist·2020-06-24·CVSS 7.5
[HIGH] Magnitude exploit kit – evolution
Table of Contents
Introduction
Infection vector
Shellcode
Elevation of privilege exploit
Ransomware
Conclusions
Authors
Boris Larin
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning that even if the user has an up-to-date browser, there’s a non-zero chance that Adobe Flash may still be vulnerable to 1-day exploits. Now that Adobe Flash is about to reach its end-of-life date at the end of this year, it is disabled by default in all web browsers and has pretty much been replaced with o
Checkpoint
6th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-06·CVSS 8.8
CVE-2019-17026 [HIGH] 6th April – Threat Intelligence Bulletin
## 6th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 6th April 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
A new campaign of the Zeus Sphinx banker is targeting clients of US, Canadian and Australian banks using COVID-19 themed emails. Emails titled “COVID 19 relief” contain password-protected Word documents with malicious macros.
Check Point SandBlast, Anti-Bot and Anti-virus provide protection against this threat (Trojan-B
Tenable
How COVID-19 Response Is Expanding the Cyberattack Surface
blogs_tenable·2020-03-30
How COVID-19 Response Is Expanding the Cyberattack Surface
Checkpoint
17th February – Threat Intelligence Bulletin
blogs_checkpoint·2020-02-17·CVSS 10.0
CVE-2019-11510 [CRITICAL] 17th February – Threat Intelligence Bulletin
## 17th February – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 17th February 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Terrorist organization Hamas has targeted Israeli soldiers using a catfishing attack. Check Point researchers have detailed how the attack took place, in a manner similar to ones used in the past by APT-C-23. Hamas operatives have disguised themselves as attractive single women who convinced the soldiers
Trendmicro
Patch Tuesday: Fixes for LNK, RDP, and Trident
blogs_trendmicro·2020-02-12·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for LNK, RDP, and Trident
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for LNK, RDP, and Trident
February Patch Tuesday brings an even wider range of fixes than January. It addresses a total of 99 vulnerabilities — including 12 classified as Critical. Only five of the vulnerabilities were made public before the patches were released.
By: Trend Micro
2020/02/12
The first Patch Tuesday of 2020 in January brought an unusually long list of patches, but February brings an even wider range of fixes that address a total of 99 vulnerabilities — including 12 classified as Critical, with the remaining 99 deemed Important. Only five of the vulnerabilities were made public before the patches were released; one of these was rated as Critical.
New Critical vulnerabilities of note inc
Tenable
Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)
blogs_tenable·2020-02-11·CVSS 7.5
[HIGH] Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)
Qualys
February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns
blogs_qualys·2020-02-11·CVSS 8.8
[HIGH] February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns
This month’s Microsoft Patch Tuesday addresses 99 vulnerabilities with 12 of them labeled as Critical. Of the 12 Critical vulns, 7 are for browser and scripting engines, 2 are for Remote Desktop Client, and the remaining 3 are for LNK files, Media Foundation, and Windows. The IE 0-day disclosed in January is patched as part of the scripting engine fixes. Microsoft also issued a patch for an RCE in Exchange.
Adobe issued patches today for Experience Manager, Digital Editions, Flash Player, Acrobat/Reader, and Framemaker.
## Workstation Patches
The Scripting Engine, LNK files, and Media Foundation vulns in this release mean that patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes mult
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-02-11·CVSS 8.8
[HIGH] Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity.
This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Protocol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player.
Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here.
### Critical vulnerabilities
Microsoft disclosed 12 critical vulnerabilities this mo
Krebs
Microsoft Patch Tuesday, February 2020 Edition
blogs_krebs·2020-02-11·CVSS 7.8
[HIGH] Microsoft Patch Tuesday, February 2020 Edition
Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.
A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.
Last month, Microsoft released an advisory warning that attackers were exploiting a previously unknown flaw in IE. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.
Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk) files (CVE-2020-0729) that affects Window
Trendmicro
Trend Micro Creates Factory Honeypot to Trap Attackers
blogs_trendmicro·2020-01-24·CVSS 8.1
[HIGH] Trend Micro Creates Factory Honeypot to Trap Attackers
Exploits & Vulnerabilities
# Trend Micro Creates Factory Honeypot to Trap Attackers
Dive into a research study that explores the risks associated with common cybersecurity vulnerabilities in a factory setting. Also, misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records.
By: Jon Clay
2020/01/24
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, dive into a research study that explores the risks associated with common cybersecurity vulnerabilities in a factory setting. Also, read about how misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 milli
Tenable
CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild
blogs_tenable·2020-01-20·CVSS 7.5
[HIGH] CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild
Trendmicro
Microsoft Publishes Advisory on Zero-Day Vulnerability
blogs_trendmicro·2020-01-20·CVSS 7.5
CVE-2020-0674 [HIGH] Microsoft Publishes Advisory on Zero-Day Vulnerability
Exploitation of Vulnerabilities
## Microsoft Publishes Advisory on Zero-Day Vulnerability
A few days ago Microsoft published an advisory (ADV200001) warning about CVE-2020-0674. It concerns a remote code execution (RCE) vulnerability in Internet Explorer (IE). No patch is available yet.
By: Trend Micro Jan 20, 2020
Original post by Trend Micro
A few days ago Microsoft published an advisory (ADV200001) warning about CVE-2020-0674. It concerns a remote code execution (RCE) vulnerability in Internet Explorer (IE). No patch is available yet, although Microsoft admits it is aware of attacks exploiting this flaw. The bug affects all Windows desktop and
Checkpoint
20th January – Threat Intelligence Bulletin
blogs_checkpoint·2020-01-20
CVE-2020-0601 20th January – Threat Intelligence Bulletin
## 20th January – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 20th January 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Hackers have stolen personal information in an attack on the Australian P&N bank. The attack focused on the bank’s CRM system that stored a great deal of sensitive personal and financial information. Australia has also experienced a data breach of a bushfire donation site – hackers abused the outdated Magento CMS u
Recorded Future
Top Exploited Vulnerabilities in 2020 Affect Citrix, Microsoft Products
blogs_recorded_future
Top Exploited Vulnerabilities in 2020 Affect Citrix, Microsoft Products
## Top Exploited Vulnerabilities in 2020 Affect Citrix, Microsoft Products
This analysis focuses on ransomware, exploit kit, phishing attack, or remote access trojan co-occurrences with vulnerabilities from January 1 to December 31, 2020. We analyzed thousands of sources, including code repositories, underground forum postings, and dark web sites. This is a follow-up to our 2019 report, and the intended audience includes information security practitioners, especially those supporting vulnerability risk assessments.
## Executive Summary
This report highlights the top, most weaponized vulnerabilities in 2020 based on exploitation across all industries and associations with multiple types of malware. For the first time since this report’s inception in 2015, no vulnerabilities in Adobe pro
Zscaler
Zscaler protects against 3 new vulnerabilities for Microsoft Windows and Internet Explorer | Zscaler
blogs_zscaler·CVSS 8.1
[HIGH] Zscaler protects against 3 new vulnerabilities for Microsoft Windows and Internet Explorer | Zscaler
Threat Intel
Sidewinder (Sidewinder, T-APT-04, Rattlesnake)
threat_intel·CVSS 7.8
[HIGH] Sidewinder (Sidewinder, T-APT-04, Rattlesnake)
# Threat Actor Profile: Sidewinder
ATT&CK ID: G0121
Also known as: Sidewinder, T-APT-04, Rattlesnake
Suspected origin: China
## Overview
Sidewinder is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia, primarily focusing on Pakistan, China, Nepal, and Afghanistan.(Citation: ATT Sidewinder January 2021)(Citation: Securelist APT Trends April 2018)(Citation: Cyble Sidewinder September 2020)
## Techniques (TTPs)
### Reconnaissance
- T1598.003 Spearphishing Link
Usage: Sidewinder has sent e-mails with malicious links to credential harvesting websites.(Citation: ATT Sidewinder January 2021)
- T1598.002 Spearphishing Attachment
Usage: Sidewinder has sent e-mails with mali
Zscaler
Zscaler found New Security Vulnerabilities | 12-02-2020
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found New Security Vulnerabilities | 12-02-2020
arXiv
Adversarial Machine Learning -- Industry Perspectives
arxiv_fulltext·2021-03-19
Adversarial Machine Learning -- Industry Perspectives
Adversarial Machine Learning - Industry Perspectives
Ram Shankar Siva Kumar,
Magnus Nystr\"om,John Lambert, Andrew Marshall, Mario Goertzel,
Andi Comissoneru, Matt Swann and Sharon Xia
Microsoft
Redmond,USA
## Abstract
Based on interviews with 28 organizations, we found that industry practitioners are not equipped with tactical and strategic tools to protect, detect and respond to attacks on their Mac
- http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.html
- https://github.com/maxpl0it/CVE-2020-0674-Exploit
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0674
Published: 2020-02-11
Added to CISA KEV: 2021-11-03
Exploited in the wild