Taking steps that drive resiliency and security for Windows customers

https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/?s=09

[PATCH] Fix a bug in ebpf verifier

https://lore.kernel.org/bpf/67451140439fafa1bae3e3b010d2c6b9969696a1.camel@gmail.com/T/#m8adf66625ed09e89983cca14f7e982393cb7ac3d

New vulnerability report from Talos:

Microsoft High Definition Audio Bus Driver HDAudBus_DMA multiple irp complete requests vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008

In part 2 of his #Exchange series, @chudypb describes the ApprovedApplicationCollection gadget. He also covers a path traversal in the Windows utility extrac32.exe, which allowed him to complete the chain for a full RCE in Exchange and remains unpatched.
https://www.zerodayinitiative.com/blog/2024/9/11/exploiting-exchange-powershell-after-proxynotshell-part-2-approvedapplicationcollection

[RSS] CVR: The Mines of Kakadum

https://bughunters.google.com/blog/6220757425586176/cvr-the-mines-of-kakad-m

Pretty sure I posted the OffensiveCon talk before, but it%27s always nice to have things written up

[RSS] Advisory X41-2024-003: DoS Vulnerability in Chilkat ASN.1 Decoder

https://x41-dsec.de/lab/advisories/x41-2024-003-chilkat-asn1/

[RSS] The case of the string being copied from a mysterious pointer to invalid memory, revisited

https://devblogs.microsoft.com/oldnewthing/20240911-00/?p=110247

[RSS] Avred background: Advances in Reversing Defender Signature Format

https://blog.deeb.ch/posts/avred-update/

[RSS] WordPress.org to require two-factor authentication for plugin developers

https://cyberscoop.com/wordpress-two-factor-authentication-supply-chain/

I just got my hands on @tiraniddo's Windows Security Internals book <3

I ordered it through Blackwell's, that is a UK company but ships @nostarch books to EU too, so you can avoid dealing with customs yourself. Order tracking needs improvement.

https://blackwells.co.uk/bookshop/product/Windows-Security-Internals-by-James-Forshaw/9781718501980

I really try to like Firefox, but the last 5 minutes really captures the kind of papercut that happens often:

- I open a new tab and firefox informs me it has updated itself and needs to restart and won't allow any further operations until it does so.
- Fine, I close and restart.
- I reopen Firefox to find a brand new sponsored weather widget on my otherwise blank new tab page - from a source I would never otherwise visit.

Thanks for breaking my flow and the privacy breach, I guess.

The promised writeup of how I discovered that the Feeld dating app was protecting private data by doing client-side filtering: https://mjg59.dreamwidth.org/70061.html

We've completed a comparative security assessment of authorization policy languages: Cedar, Rego, and the OpenFGA modeling language.
If you are a language designer or a software developer, our AWS-sponsored assessment also provides recommendations for improving policy language design and for securing systems that use policy languages.
https://buff.ly/4cSO63s

Are we not negative enough towards #ai

Australia really looked at GDPR and said “those fines are rookie numbers, mate”.

https://ministers.ag.gov.au/media-centre/parliament-approves-governments-privacy-penalty-bill-28-11-2022

(from https://twitter.com/troyhunt/status/1597841957526568966 )

As @echo_pbreyer reminded us, EU member states have revived their effort to force-install a child pornography scanner on our phones again. This idea was rejected twice before, but they'll keep trying. Here's an English transcript of what I said about this in Dutch parliament last year: https://berthub.eu/articles/posts/client-side-scanning-dutch-parliament/

My SharePoint RCE got fixed: CVE-2024-38018. Site Member privs should be enough to exploit.

I also found a DoS vuln that got patched today: CVE-2024-43466.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018

Happy #PatchTuesday from Microsoft: 79 new CVEs, 4 NEW EXPLOITED ZERO DAYS:

• CVE-2024-43491 (9.8 critical) Microsoft Windows Update Remote Code Execution Vulnerability (EXPLOITED)
• CVE-2024-38226 (7.3 high) Microsoft Publisher Security Feature Bypass Vulnerability (EXPLOITED)
• CVE-2024-38217 (5.4 medium) Windows Mark of the Web Security Feature Bypass Vulnerability (EXPLOITED and PUBLICLY DISCLOSED)
• CVE-2024-38014 (7.8 high) Windows Installer Elevation of Privilege Vulnerability (EXPLOITED)

EDIT: @BleepingComputer has mentioned that CVE-2024-38217 was marked publicly disclosed. Updated this to reflect it. See related reporting Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

#microsoft #vulnerability #zeroday #eitw #activeexploitation #cve

Measuring non-determinism in the Linux kernel

https://shape-of-code.com/2024/09/08/measuring-non-determinism-in-the-linux-kernel/

Citrix security advisory: Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
Happy #PatchTuesday from Citrix.

• CVE-2024-7889 (CVSSv4: 7.0 high) LPE
• CVE-2024-7890 (CVSSv4: 5.4 medium) LPE

Fixed in Citrix Workspace app for Windows 2405 and later versions, Citrix Workspace app for Windows 2402 CU1 LTSR and later versions. No mention of exploitation.

#citrix #vulnerability #cve #citrixworkspace