Windows

Pierluigi Paganini March 03, 2018
Microsoft released Windows Updates that include Intel’s Spectre microcode patches

Microsoft announced this week the release of the microcode updates to address the Spectre vulnerability. Last week Intel released microcode to address the CVE-2017-5715 Spectre vulnerability for many of its chips; let’s hope that this time the security updates will not cause further problems. The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also […]

Pierluigi Paganini February 14, 2018
Windows Analytics now includes Meltdown and Spectre detector

Good news for administrators of Windows systems: Microsoft has added a Meltdown-and-Spectre detector to its telemetry analysis tool Windows Analytics. The Meltdown-and-Spectre detector has been available since Tuesday, when Microsoft announced the new capabilities implemented in the free Windows Analytics service. The new capabilities allow […]

Pierluigi Paganini December 07, 2017
Process Doppelgänging Attack allows evading most security software on all Windows Versions

Experts devised a new attack technique, dubbed Process Doppelgänging, that could be implemented by vxers to bypass most antivirus solutions. A group of security researchers from Ensilo discovered a new malware evasion technique, dubbed Process Doppelgänging, that could be implemented by vxers to bypass most antivirus solutions and security software. The technique is a fileless code […]

Pierluigi Paganini November 15, 2017
Go to HELL, PowersHELL : Powerdown the PowerShell Attacks

Powerdown the PowerShell Attacks: Harnessing the power of logs to monitor the PowerShell activities. Lately, I have been working on analyzing the PowerShell attacks in my clients’ environment. Based on the analysis and research, I have come up with a few indicators that will help to detect the potential PowerShell attacks in your environment […]

Pierluigi Paganini October 28, 2017
Mysterious hack allows attackers stealing Windows login credentials without user interaction

Microsoft fixed a vulnerability that could allow hackers to steal Windows login credentials without any user interaction. Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM password hashes without any user interaction. The tech giant patched the issues only for recent versions of Windows (Windows 10 and Server 2016), to trigger the flaw […]

Pierluigi Paganini October 11, 2017
Microsoft addresses CVE-2017-11826 Office Zero-Day used to deliver malware

Microsoft’s October Patch Tuesday addresses the CVE-2017-11826 Office Zero-Day vulnerability that has been exploited in the wild in targeted attacks. Yesterday we discussed how Microsoft’s October Patch Tuesday addressed three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Going deep in the analysis of the Patch Tuesday updates for October 2017, we can see that Microsoft addressed […]

Pierluigi Paganini October 10, 2017
Microsoft’s October Patch Tuesday addresses critical Windows DNS client Zero-Day Flaws tied to DNSSEC

Microsoft’s October Patch Tuesday addresses three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Microsoft’s October Patch Tuesday addresses three critical security vulnerabilities in the Windows DNS client in Windows 8, Windows 10, and Windows Server 2012 and 2016. The vulnerabilities affect Microsoft’s implementation of one of the data record features used in the secure […]

Pierluigi Paganini September 13, 2017
September Patch Tuesday, patch your Windows now to avoid ugly surprises

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities, including the Blueborne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost all supported versions of Windows and other MS products. The batch includes a security update to address […]

Pierluigi Paganini July 31, 2017
Microsoft won’t patch the 20-year-old SMBv1 SMBloris flaw disclosed at DEF CON conference

Microsoft has announced that the SMBv1 SMBloris bug described at DEF CON won’t be patched because it could be fixed simply by blocking incoming connections. Recently, security researchers at RiskSense identified a 20-year-old Windows SMB vulnerability they called SMBloris (a nod to the Slowloris DoS attack); they presented their findings at the recent DEF CON hacker […]

Pierluigi Paganini July 27, 2017
DEF CON Talk Will Expose The Latest SMB Vulnerability SMBLoris

Security researchers at RiskSense have identified a 20-year-old Windows SMB vulnerability they are calling SMBloris; a DEF CON talk will expose it. Server Message Block (SMB) has been a foundational piece of Microsoft Windows’ networking all the way back to the LAN Manager days, facilitating “shared access to files, printers and serial ports.” It is […]