{"vulnerability": "cve-2022-4112", "sightings": [{"uuid": "67a695de-d2b4-4c90-9259-217ac74f7b33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "9f3701e5-3b18-4cf8-8f20-ecb9931aea4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "f1d860c6-23ef-4e9a-871a-69fbb31d9194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "http://www.twitter.com/circl_lu/status/1590304391315148800", "content": "", "creation_timestamp": "2024-11-20T14:08:12.457451Z"}, {"uuid": "28b03fcb-3994-4057-91fc-2ff3d45edce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971737", "content": "", "creation_timestamp": "2024-12-24T20:33:27.254595Z"}, {"uuid": "29a635a6-ed84-4a47-8546-5dc3da0f21d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971738", "content": "", "creation_timestamp": "2024-12-24T20:33:28.001415Z"}, {"uuid": "90398f65-d5ed-4e38-903b-41e3c571d0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-41128", "type": "seen", "source": "https://bsky.app/profile/lazarusholic.bsky.social/post/3lhtaukgawf2y", "content": "", "creation_timestamp": "2025-02-10T13:30:09.892378Z"}, {"uuid": "3aa0815e-5bd0-4181-b59c-7bab7e17aa69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=913", "content": "", "creation_timestamp": "2022-11-09T04:00:00.000000Z"}, {"uuid": "b1cc4a28-165e-4ac0-bec9-411b8536771f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:39.000000Z"}, {"uuid": "02dff8d4-89e7-4f76-8566-8326e131cf3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:39.000000Z"}, {"uuid": "de47874d-2c26-4791-9076-864abe56efa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-41125", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f6155ae3-27af-4aa4-a6c0-e8b50f5d61c1", "content": "", "creation_timestamp": "2026-02-02T12:27:09.807940Z"}, {"uuid": "321bda18-3f41-4095-bcd1-730ff99e20ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=913", "content": "", "creation_timestamp": 
"2022-11-09T04:00:00.000000Z"}, {"uuid": "aa27fce9-e435-4c5d-a8c1-2cd0c502ace2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-41128", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c23ab43a-aab6-4fb8-b8dd-0d473720c7ad", "content": "", "creation_timestamp": "2026-02-02T12:27:09.931760Z"}, {"uuid": "c7031155-16a7-4bd3-98aa-1ef849abf113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4112", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12223", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4112\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2022-12-19T13:41:46.228Z\n\ud83d\udccf Modified: 2025-04-17T13:44:31.787Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/4cbce79d-9b7a-41f5-9c52-08933ea7c28e", "creation_timestamp": "2025-04-17T13:57:51.000000Z"}, {"uuid": "d6425461-96a6-4cd5-9a75-3554c2d3b9ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/4847", "content": "\u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch Tuesday \u0443 Microsoft. 
68 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 4 zero day\n\n-CVE-2022-41128, JScript9 RCE, via Google TAG\n-CVE-2022-41091, MOTW bypass\n-CVE-2022-41073, Print spooler EoP, via MSTIC\n-CVE-2022-41125, CNG EoP\n\nhttps://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/1a976afcf461b6f104d40601305e4c9773175f57/Reports/MSRC_CVEs2022-Nov.html", "creation_timestamp": "2022-11-08T20:27:53.000000Z"}, {"uuid": "1211ebfc-9d41-41e9-a6aa-4e7df8bc8949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "published-proof-of-concept", "source": "https://t.me/ptescalator/59", "content": "\ud83d\udd26  \u041a\u0430\u043a \u043c\u044b \u043d\u0430\u0448\u043b\u0438 ITW-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2024-38178\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0435\u0436\u0435\u043c\u0435\u0441\u044f\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0441\u0432\u0435\u0436\u0435\u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u044b \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 ESC-VR \u043e\u0431\u0440\u0430\u0449\u0430\u0435\u043c \u043f\u0440\u0438\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0435 \u043a\u0430\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. 
\u0422\u0430\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u043d\u0430\u0448\u0435\u0439 \u0433\u043b\u0430\u0432\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0435\u0441\u043b\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u0430\u043a\u0430\u044f \u0431\u044b \u0442\u043e \u043d\u0438 \u0431\u044b\u043b\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u0445. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38178 \u2014 \u044d\u0442\u043e \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u0442\u0438\u043f\u0430 Type Confusion (CWE-843). \u0413\u043e\u0432\u043e\u0440\u044f \u043f\u043e-\u043f\u0440\u043e\u0441\u0442\u043e\u043c\u0443: \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f, \u043a\u043e\u0433\u0434\u0430 \u043e\u0431\u043b\u0430\u0441\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u0438, \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u043c\u0430\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u043c \u0442\u0438\u043f\u0430 A, \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u043e\u0434\u043e\u043c \u043a\u0430\u043a \u043e\u0431\u044a\u0435\u043a\u0442 \u0442\u0438\u043f\u0430 B.\n\n\u041f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u043f\u0430\u0442\u0447, \u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0441\u0434\u0435\u043b\u0430\u043d\u044b \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0435\u0439 \u0437\u0430 
\u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043c\u0430\u0441\u0441\u0438\u0432\u0430\u043c\u0438, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 GlobOpt::OptArraySrc. \u041f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430\u0441\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438, \u043a\u043e\u0433\u0434\u0430 \u043e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0442\u043e\u0440 \u043d\u0435 \u0437\u0430\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0438\u043d\u043e\u0433\u0434\u0430 \u0442\u0438\u043f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c\u0441\u044f \u0432 runtime.\n\n\u0415\u0441\u043b\u0438 \u0432\u044b \u0441\u043b\u0435\u0434\u0438\u0442\u0435 \u0437\u0430 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e Google ProjectZero \u0442\u0430\u043a \u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e, \u043a\u0430\u043a \u0438 \u043c\u044b, \u0442\u043e \u0432\u044b \u0443\u0436\u0435 \u043e\u0431\u043e \u0432\u0441\u0435\u043c \u0434\u043e\u0433\u0430\u0434\u0430\u043b\u0438\u0441\u044c \ud83d\ude09\n\n\u0424\u0443\u043d\u043a\u0446\u0438\u044f GlobOpt::OptArraySrc \u0443\u0436\u0435 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432 ITW-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0435, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e \u0432 \u043f\u043e\u0441\u0442\u0435, \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0449\u0435\u043c CVE-2022-41128. 
\n\n\u0412 \u043f\u043e\u0441\u0442\u0435 \u0435\u0441\u0442\u044c PoC, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e CVE-2022\u201341128. \u0412\u0437\u044f\u0432 \u0438\u0437 \u043d\u0435\u0433\u043e \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u0441\u0442\u0440\u043e\u043a\u0438, \u043c\u044b \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043f\u043e\u0438\u0441\u043a \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430\u0445 \u043f\u043e \u0444\u0430\u0439\u043b\u0430\u043c, \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c \u043d\u0435\u0434\u0430\u0432\u043d\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u0434\u0441\u0442\u0440\u043e\u043a\u0438:\n\n\u2022 6E6577204F626A656374287B0D0A20 \n\u2022 206E657720496E7433324172726179\n\n\u041c\u044b \u043d\u0430\u0448\u043b\u0438 \u0432\u0441\u0435\u0433\u043e \u043e\u0434\u0438\u043d \u0444\u0430\u0439\u043b. \u041e\u043d \u0431\u044b\u043b \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u0438\u0437 KR, \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0432 \u044d\u0442\u043e\u0439 \u0441\u0442\u0440\u0430\u043d\u0435, \u043e \u0447\u0435\u043c \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u043e \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0438\u0437 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0438 Microsoft. 
\n\n\u041f\u0440\u043e\u0433\u043d\u0430\u0432 \u0444\u0430\u0439\u043b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0441 \u043f\u0430\u0442\u0447\u0435\u043c \u0438 \u0431\u0435\u0437 \u043d\u0435\u0433\u043e, \u043c\u044b \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u043e\u043d\u044f\u043b\u0438, \u0447\u0442\u043e \u044d\u0442\u043e \u0438\u043c\u0435\u043d\u043d\u043e \u0442\u043e, \u0447\u0442\u043e \u043c\u044b \u0438\u0441\u043a\u0430\u043b\u0438. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0441\u0445\u043e\u0436\u0435\u0441\u0442\u044c\u044e \u0441 CVE-2022-41128 \u043c\u044b \u0441\u0447\u0438\u0442\u0430\u0435\u043c, \u0447\u0442\u043e \u0438 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0437\u0437\u0438\u043d\u0433, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043b\u0441\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c PoC \u0434\u043b\u044f CVE-2022-41128 \u0438 CVE-2021-34480.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e, \u043a\u043e\u0433\u0434\u0430 JIT-\u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0442\u043e\u0440 \u0443\u0431\u0435\u0436\u0434\u0435\u043d, \u0447\u0442\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f X \u0438\u043c\u0435\u0435\u0442 \u0442\u0438\u043f js::TypedArray, \u043d\u043e \u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 X \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 Y \u0442\u0438\u043f\u0430 js::DynamicObj. 
\u0414\u0430\u043b\u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e \u0438\u043d\u0434\u0435\u043a\u0441\u0443 4, 11, 12, \u0447\u0442\u043e\u0431\u044b \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u043f\u043e\u043b\u044f \u043c\u0430\u0441\u0441\u0438\u0432\u0430 js::JavaScriptNativeArray, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e\u0441\u044f \u0432 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0441\u0432\u043e\u0439\u0441\u0442\u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f Y. \u041c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u043f\u043e\u043b\u044f \u0445\u0440\u0430\u043d\u044f\u0442 \u0440\u0430\u0437\u043c\u0435\u0440 \u043c\u0430\u0441\u0441\u0438\u0432\u0430. \n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u044d\u0442\u043e\u0433\u043e \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432\u044b \u043d\u0430 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0438 \u0447\u0442\u0435\u043d\u0438\u0435. 
\u0414\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0437\u0430\u043d\u044f\u043b\u043e \u0431\u044b \u043d\u0435\u043f\u0440\u0438\u043b\u0438\u0447\u043d\u043e \u043c\u043d\u043e\u0433\u043e \u043c\u0435\u0441\u0442\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u043e\u0441\u0442\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 stay tunned \u0438 happy hunting \ud83d\ude42\n\nYARA-\u043f\u0440\u0430\u0432\u0438\u043b\u043e (\u043d\u0430 \u0444\u0430\u0439\u043b):\n\n\nrule exploit_CVE_2024_38178 {\n      strings:\n          $a = { 6E6577204F626A656374287B0D0A20 }\n          $b = { 206E657720496E7433324172726179 } \n     condition:\n           all of them\n}\n\n\nIoCs:\n\n\nSHA256: 736092B71A9686FDE43D3C4ABD941A6774721B90B17D946C9D05AF19C84DF0A4\n\n\n\nhttp://img[.]mobonad[.]com/images/20230912/43\n\n\n#escvr #itw #jscript9 #reverse\n@ptescalator", "creation_timestamp": "2024-09-09T12:43:50.000000Z"}, {"uuid": "4e5efa2c-c18a-4a65-b49e-2c0787298f18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/4847", "content": "\u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch Tuesday \u0443 Microsoft. 
68 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 4 zero day\n\n-CVE-2022-41128, JScript9 RCE, via Google TAG\n-CVE-2022-41091, MOTW bypass\n-CVE-2022-41073, Print spooler EoP, via MSTIC\n-CVE-2022-41125, CNG EoP\n\nhttps://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/1a976afcf461b6f104d40601305e4c9773175f57/Reports/MSRC_CVEs2022-Nov.html", "creation_timestamp": "2022-11-08T20:27:53.000000Z"}, {"uuid": "cebdca3c-ab7c-483f-9a52-e9187ae4f156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2100", "content": "SideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n\u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n\u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n\u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. 
\u2764\ufe0f\n\nhttps://github.com/kitabisa/teler\n\n\u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n\u200b\u200bPrintNotifyPotato\n\nAnother potato, using PrintNotify COM service for lifting rights\n\nFor Windows 10 - 11 Windows Server 2012 - 2022\n\nhttps://github.com/BeichenDream/PrintNotifyPotato\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6\n\n5/5", "creation_timestamp": "2022-12-07T22:43:40.000000Z"}, {"uuid": "86a0a083-fa7d-4526-8c9e-f13597d1bc36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "Telegram/7nXEMrB5TmapJ_9YLM9xLxxYnxTUIvZm1dxLwXc2ewiX3afN", "content": "", "creation_timestamp": "2025-02-06T02:41:37.000000Z"}, {"uuid": "48ac8617-c495-4b0f-a74b-81f2da1c6196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "https://t.me/arpsyndicate/1256", "content": "#ExploitObserverAlert\n\nCVE-2022-41125\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-41125. 
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability\n\nFIRST-EPSS: 0.000440000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T16:57:32.000000Z"}, {"uuid": "fc479fc8-2eb6-4f4c-955e-1ce05e55dfdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "https://t.me/arpsyndicate/1155", "content": "#ExploitObserverAlert\n\nCVE-2022-41128\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-41128. Windows Scripting Languages Remote Code Execution Vulnerability\n\nFIRST-EPSS: 0.209220000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-04T08:14:07.000000Z"}, {"uuid": "49947bd7-1b4f-4189-a144-9d86f8e3bf6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2074", "content": "33) \u200b\u200bWindows Privilege Escalation Cheatsheet\n\nThis cheatsheet is aimed at OSCP aspirants to help them understand the various methods of escalating privilege on Windows-based machines and CTFs with examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. 
Please share this with your connections and direct queries and feedback to Hacking Articles.\n\nhttps://github.com/Ignitetechnologies/Windows-Privilege-Escalation\n\n34) \u200b\u200bBumbleCrypt\n\nA Bumblebee-inspired Crypter\n\nThe BumbleCrypt is inspired by Bumblebee's crypter, in Bumblebee's case the main Bumblebee DLL is been loaded in the memory and executed in the following way:\n\n\u25ab\ufe0f Decrypts and writes the payload in the Heap\n\u25ab\ufe0f Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection\n\u25ab\ufe0f Calls LoadLibraryW(\"gdiplus.dll\") which triggers the inline hooks as the above three API's are been used by LoadLibrary() to load any library.\n\u25ab\ufe0f The inline hooks and LoadLibrary itself then loads the main Bumblebee DLL in place of \"gdiplus.dll\"\n\u25ab\ufe0f At last, the control is been transferred to the exported function \"SetPath\" of the main Bumblebee DLL\n\nhttps://github.com/knight0x07/BumbleCrypt\n\n35) FrostByte\n\n\u25ab\ufe0f Replace SigFlip.exe with latest .NET version\n\u25ab\ufe0f Changed .NET assembly executable to RegAsm.exe\n\u25ab\ufe0f Modify variable names and functions for better evasion\n\u25ab\ufe0f Modify shellcode callback method to a lesser known technique for evasion\n\u25ab\ufe0f Encrypt the signatured \"tag\" used in SigFlip to evade static analysis which gets decrypted at runtime\n\nhttps://github.com/wsummerhill/FrostByte\n\n36) \u200b\u200bSideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n37) \u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n38) \u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. 
I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n39) \u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. \n\nhttps://github.com/kitabisa/teler\n\n40) \u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n#infosec #cybersec #tool #hack\n\n4/4", "creation_timestamp": "2022-12-04T12:15:29.000000Z"}, {"uuid": "8bcdf1a1-f3e8-430f-be35-4278ee1aa73e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/88", "content": "SideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n\u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n\u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n\u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. 
\u2764\ufe0f\n\nhttps://github.com/kitabisa/teler\n\n\u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n\u200b\u200bPrintNotifyPotato\n\nAnother potato, using PrintNotify COM service for lifting rights\n\nFor Windows 10 - 11 Windows Server 2012 - 2022\n\nhttps://github.com/BeichenDream/PrintNotifyPotato\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6\n\n5/5", "creation_timestamp": "2022-12-07T22:43:40.000000Z"}, {"uuid": "17d2ccc8-b435-4ee2-9dc9-63ed03c90558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/28", "content": "33) \u200b\u200bWindows Privilege Escalation Cheatsheet\n\nThis cheatsheet is aimed at OSCP aspirants to help them understand the various methods of escalating privilege on Windows-based machines and CTFs with examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. 
Please share this with your connections and direct queries and feedback to Hacking Articles.\n\nhttps://github.com/Ignitetechnologies/Windows-Privilege-Escalation\n\n34) \u200b\u200bBumbleCrypt\n\nA Bumblebee-inspired Crypter\n\nThe BumbleCrypt is inspired by Bumblebee's crypter, in Bumblebee's case the main Bumblebee DLL is been loaded in the memory and executed in the following way:\n\n\u25ab\ufe0f Decrypts and writes the payload in the Heap\n\u25ab\ufe0f Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection\n\u25ab\ufe0f Calls LoadLibraryW(\"gdiplus.dll\") which triggers the inline hooks as the above three API's are been used by LoadLibrary() to load any library.\n\u25ab\ufe0f The inline hooks and LoadLibrary itself then loads the main Bumblebee DLL in place of \"gdiplus.dll\"\n\u25ab\ufe0f At last, the control is been transferred to the exported function \"SetPath\" of the main Bumblebee DLL\n\nhttps://github.com/knight0x07/BumbleCrypt\n\n35) FrostByte\n\n\u25ab\ufe0f Replace SigFlip.exe with latest .NET version\n\u25ab\ufe0f Changed .NET assembly executable to RegAsm.exe\n\u25ab\ufe0f Modify variable names and functions for better evasion\n\u25ab\ufe0f Modify shellcode callback method to a lesser known technique for evasion\n\u25ab\ufe0f Encrypt the signatured \"tag\" used in SigFlip to evade static analysis which gets decrypted at runtime\n\nhttps://github.com/wsummerhill/FrostByte\n\n36) \u200b\u200bSideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n37) \u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n38) \u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. 
I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n39) \u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. \n\nhttps://github.com/kitabisa/teler\n\n40) \u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n#infosec #cybersec #tool #hack\n\n4/4", "creation_timestamp": "2022-12-04T12:15:30.000000Z"}, {"uuid": "5e54c0f8-c46d-474f-83ac-73ed7c76d1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/4075", "content": "33) \u200b\u200bWindows Privilege Escalation Cheatsheet\n\nThis cheatsheet is aimed at OSCP aspirants to help them understand the various methods of escalating privilege on Windows-based machines and CTFs with examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. 
Please share this with your connections and direct queries and feedback to Hacking Articles.\n\nhttps://github.com/Ignitetechnologies/Windows-Privilege-Escalation\n\n34) \u200b\u200bBumbleCrypt\n\nA Bumblebee-inspired Crypter\n\nThe BumbleCrypt is inspired by Bumblebee's crypter, in Bumblebee's case the main Bumblebee DLL is been loaded in the memory and executed in the following way:\n\n\u25ab\ufe0f Decrypts and writes the payload in the Heap\n\u25ab\ufe0f Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection\n\u25ab\ufe0f Calls LoadLibraryW(\"gdiplus.dll\") which triggers the inline hooks as the above three API's are been used by LoadLibrary() to load any library.\n\u25ab\ufe0f The inline hooks and LoadLibrary itself then loads the main Bumblebee DLL in place of \"gdiplus.dll\"\n\u25ab\ufe0f At last, the control is been transferred to the exported function \"SetPath\" of the main Bumblebee DLL\n\nhttps://github.com/knight0x07/BumbleCrypt\n\n35) FrostByte\n\n\u25ab\ufe0f Replace SigFlip.exe with latest .NET version\n\u25ab\ufe0f Changed .NET assembly executable to RegAsm.exe\n\u25ab\ufe0f Modify variable names and functions for better evasion\n\u25ab\ufe0f Modify shellcode callback method to a lesser known technique for evasion\n\u25ab\ufe0f Encrypt the signatured \"tag\" used in SigFlip to evade static analysis which gets decrypted at runtime\n\nhttps://github.com/wsummerhill/FrostByte\n\n36) \u200b\u200bSideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n37) \u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n38) \u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. 
I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n39) \u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. \n\nhttps://github.com/kitabisa/teler\n\n40) \u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n#infosec #cybersec #tool #hack\n\n4/4", "creation_timestamp": "2022-12-04T11:07:34.000000Z"}, {"uuid": "5115904c-54d3-4502-9296-d232f15bf1b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1203", "content": "\u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f/\u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0432 Sysmon (CVE-2022-41120/CVE-2022-XXXXX)\ndownload POC\n\n#windows #LPE #poc", "creation_timestamp": "2022-12-05T12:58:37.000000Z"}, {"uuid": "ec880f1c-3aa6-4bd7-a220-e1d93b189f7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/11973", "content": "SideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n\u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n\u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. 
I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n\u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. \u2764\ufe0f\n\nhttps://github.com/kitabisa/teler\n\n\u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n\u200b\u200bPrintNotifyPotato\n\nAnother potato, using PrintNotify COM service for lifting rights\n\nFor Windows 10 - 11 Windows Server 2012 - 2022\n\nhttps://github.com/BeichenDream/PrintNotifyPotato\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6\n\n5/5", "creation_timestamp": "2022-12-07T18:07:14.000000Z"}, {"uuid": "4e47be09-8146-407a-9250-694ea828cf54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/4102", "content": "SideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n\u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n\u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. 
I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n\u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. \u2764\ufe0f\n\nhttps://github.com/kitabisa/teler\n\n\u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n\u200b\u200bPrintNotifyPotato\n\nAnother potato, using PrintNotify COM service for lifting rights\n\nFor Windows 10 - 11 Windows Server 2012 - 2022\n\nhttps://github.com/BeichenDream/PrintNotifyPotato\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6\n\n5/5", "creation_timestamp": "2022-12-07T18:07:14.000000Z"}, {"uuid": "93e36b46-e3f6-4d6a-a4f9-00c1709b90c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/11900", "content": "33) \u200b\u200bWindows Privilege Escalation Cheatsheet\n\nThis cheatsheet is aimed at OSCP aspirants to help them understand the various methods of escalating privilege on Windows-based machines and CTFs with examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. 
Please share this with your connections and direct queries and feedback to Hacking Articles.\n\nhttps://github.com/Ignitetechnologies/Windows-Privilege-Escalation\n\n34) \u200b\u200bBumbleCrypt\n\nA Bumblebee-inspired Crypter\n\nThe BumbleCrypt is inspired by Bumblebee's crypter, in Bumblebee's case the main Bumblebee DLL is been loaded in the memory and executed in the following way:\n\n\u25ab\ufe0f Decrypts and writes the payload in the Heap\n\u25ab\ufe0f Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection\n\u25ab\ufe0f Calls LoadLibraryW(\"gdiplus.dll\") which triggers the inline hooks as the above three API's are been used by LoadLibrary() to load any library.\n\u25ab\ufe0f The inline hooks and LoadLibrary itself then loads the main Bumblebee DLL in place of \"gdiplus.dll\"\n\u25ab\ufe0f At last, the control is been transferred to the exported function \"SetPath\" of the main Bumblebee DLL\n\nhttps://github.com/knight0x07/BumbleCrypt\n\n35) FrostByte\n\n\u25ab\ufe0f Replace SigFlip.exe with latest .NET version\n\u25ab\ufe0f Changed .NET assembly executable to RegAsm.exe\n\u25ab\ufe0f Modify variable names and functions for better evasion\n\u25ab\ufe0f Modify shellcode callback method to a lesser known technique for evasion\n\u25ab\ufe0f Encrypt the signatured \"tag\" used in SigFlip to evade static analysis which gets decrypted at runtime\n\nhttps://github.com/wsummerhill/FrostByte\n\n36) \u200b\u200bSideLOADR\n\nA \"simple\" script to perform DLL sideloading using Python.\n\nhttps://github.com/Pascal-0x90/sideloadr\n\n37) \u200b\u200bCallObfuscator\n\nObfuscate (hide) the PE imports from static/dynamic analysis tools.\n\nhttps://github.com/d35ha/CallObfuscator\n\n38) \u200b\u200bSysmonEoP\n\nHere is PoC for CVE-2022-41120. 
I combined arb file delete and limited arb file write to get code execution as NT Authority\\System.\n\nhttps://github.com/Wh04m1001/SysmonEoP\n\n#cve #poc\n\n39) \u200b\u200bteler\n\nReal-time HTTP Intrusion Detection\n\nteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. \n\nhttps://github.com/kitabisa/teler\n\n40) \u200b\u200bPwnAI\n\nI leverage OpenAI to automate explanations of what malware or suspected malicious code samples are doing\n\nhttps://github.com/NoDataFound/PwnAI\n\n#infosec #cybersec #tool #hack\n\n4/4", "creation_timestamp": "2022-12-04T11:07:34.000000Z"}, {"uuid": "84b0864d-c03a-4557-8f88-cf559adef90f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "Telegram/Hp2I3hT2PcDJoyrWtE6TnE0S4XhiV7FntHkBit-KI7EL9KI", "content": "", "creation_timestamp": "2022-12-08T18:31:07.000000Z"}, {"uuid": "67c72a35-35bd-4659-b1fd-eeb119c0d176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/625", "content": "CVE-2022-41128 : Type confusion in Internet Explorer's JScript9 engine\nPOC : https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html", "creation_timestamp": "2022-12-16T21:29:02.000000Z"}, {"uuid": "d3987496-3c5c-492a-a9f3-d262f59f19ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1628", "content": "#tools \n#Offensive_security\n1. HTB: CarpeDiem\nhttps://0xdf.gitlab.io/2022/12/03/htb-carpediem.html\n2. 
SysmonEoP - PoC for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)\nhttps://github.com/Wh04m1001/SysmonEoP\n3. Nim DLL Sideloading/proxying\nhttps://github.com/byt3bl33d3r/NimDllSideload", "creation_timestamp": "2022-12-20T11:31:19.000000Z"}, {"uuid": "e3a8109c-78d6-44ed-a049-f3a4ec7ec807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "exploited", "source": "https://t.me/true_secator/3807", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u044b \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google (TAG) \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Internet Explorer, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u043a\u0430\u043a APT37.\n\n\u0410\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043d\u0430 \u044e\u0436\u043d\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u0445 \u0441\u043e\u0441\u0435\u0434\u0435\u0439 \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u044b\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u0443\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f 
\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0432 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0445, \u0441\u0441\u044b\u043b\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u043d\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0439 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0432 \u0418\u0442\u0445\u044d\u0432\u043e\u043d\u0435 (\u0442\u0440\u0430\u0433\u0435\u0434\u0438\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u0430\u0437\u0434\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0425\u044d\u043b\u043b\u043e\u0443\u0438\u043d\u0430 \u0432 \u0421\u0435\u0443\u043b\u0435).\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0431\u0440\u0430\u0443\u0437\u0435\u0440 Internet Explorer \u0431\u044b\u043b \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u043a\u0440\u044b\u0442 \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u0438 \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u0435\u0433\u043e \u0437\u0430\u043c\u0435\u043d\u0438\u043b Microsoft Edge, Office \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0434\u0432\u0438\u0436\u043e\u043a IE \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f JavaScript, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438 \u0434\u0435\u043b\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u044b \u0441 Windows 7\u201311 \u0438 Windows Server 2008\u20132022, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u043d\u043e\u0432\u044b\u0435 
\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043d\u043e\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c TAG \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0433\u0434\u0430 31 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u043d\u0430 VirusTotal \u0431\u044b\u043b\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b Microsoft Office \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c \u00ab221031 Seoul Yongsan Itaewon accident response situation (06:00).docx\u00bb.\n\n\u0412 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-41128 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,8), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 \u00abjscript9.dll\u00bb \u0434\u0432\u0438\u0436\u043a\u0430 JavaScript Internet Explorer, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e 
\u043a\u043e\u0434\u0430 \u043f\u0440\u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0438 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c. \n\nTAG \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u043b\u0430 \u044d\u0442\u0443 \u0430\u0442\u0430\u043a\u0443 \u0433\u0440\u0443\u043f\u043f\u0435 APT37, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0434\u043b\u044f Internet Explorer \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u0445 \u043f\u0435\u0440\u0435\u0431\u0435\u0436\u0447\u0438\u043a\u043e\u0432, \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u043e\u0432, \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0441\u0442\u043e\u0432, \u043f\u0440\u0430\u0432\u043e\u0437\u0430\u0449\u0438\u0442\u043d\u0438\u043a\u043e\u0432 \u0438 \u044e\u0436\u043d\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 IE.\n\n\u041f\u043e\u043a\u0430 TAG \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0438\u0437\u0443\u0447\u0438\u0442\u044c \u043e\u043a\u043e\u043d\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u043e 
\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0440\u0430\u043d\u0435\u0435 \u043e\u043d\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0438, \u043a\u0430\u043a APT37 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Rokrat, Bluelight \u0438 Dolphin.\n\n\u0421\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b\u043e \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f 31 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0438 \u0443\u0436\u0435 8 \u043d\u043e\u044f\u0431\u0440\u044f \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2022-12-09T08:44:19.000000Z"}, {"uuid": "6c1bb44a-4d00-4783-ad43-65798c4f09ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "https://t.me/true_secator/3680", "content": "\u041d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch 
Tuesday \u043e\u0442 Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 68 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Windows, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 6 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day.\n\n\u0421\u0440\u0435\u0434\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445: 12 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 2 -\u0441 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0438 55 - \u0432\u0430\u0436\u043d\u044b\u0435.\n\n\u041f\u043e \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u043c: 27 - \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 4 - \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 16 - RCE, 11 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 6 - DoS, 3 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433.\n\n\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0438\u0437\u044e\u043c\u0438\u043d\u043a\u0430 \u043f\u0430\u0442\u0447\u0430 - \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0432\u0443\u0445 CVE \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Exchange Server, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043a\u0430\u043a ProxyNotShell.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0436\u0435, \u0441\u043f\u0438\u0441\u043e\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:\n\n- CVE-2022-41128: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u044f\u0437\u044b\u043a\u0430\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 Windows, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u041a\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u041b\u0435\u0441\u0438\u043d\u0435\u043c \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u044b \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google. \u0411\u0430\u0433\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Windows \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443.\n\n- CVE-2022-41091: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows Mark of the Web Security Bypass. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 MOTW, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u044b \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0432 Microsoft Office. \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u0432\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 Mark of the Web, \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0423\u0438\u043b\u043b\u043e\u043c \u0414\u043e\u0440\u043c\u0430\u043d\u043d\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b, \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 Zip-\u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows.\n\n- CVE-2022-41073: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u0438 \u043f\u0435\u0447\u0430\u0442\u0438 Windows, 
\u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0446\u0435\u043d\u0442\u0440\u043e\u043c Microsoft Threat Intelligence Center (MSTIC). \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\n- CVE-2022-41125: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438 \u043a\u043b\u044e\u0447\u0435\u0439 Windows CNG, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 Microsoft Threat Intelligence Center (MSTIC) \u0438 Microsoft Security Response Center (MSRC).\n\n- CVE-2022-41040: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Microsoft Exchange Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 GTSC \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 
\u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b Zero Dat. \u041f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u0432 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c PowerShell \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n- CVE-2022-41082: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 GTSC \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b Zero Dat. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043c\u043e\u0436\u0435\u0442 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0421\u0440\u0435\u0434\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u043c \u043f\u0430\u0442\u0447\u0435, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0442\u043e\u0438\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u2014 \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows\u00a0Kerberos (CVE-2022-37967),\u00a0Kerberos RC4-HMAC (CVE-2022-37966) \u0438 Microsoft Exchange Server (CVE-2022-41080) \u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0439 Windows Hyper-V (CVE-2022-38015).\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u044d\u0442\u0438\u043c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c, 
\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0440\u044f\u0434 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0442\u043e\u0447\u043a\u0430-\u0442\u043e\u0447\u043a\u0430 (PPTP), Microsoft Excel, Word, \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 ODBC, Office Graphics, SharePoint Server, JScript9, Chakra \u0438 Visual Studio, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Win32k, Overlay Filter \u0438 Group Policy.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 Patch Tuesday \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2022-11-09T14:40:05.000000Z"}, {"uuid": "5407621e-15fb-4991-bae3-4d755efd8b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "https://t.me/true_secator/3680", "content": "\u041d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch Tuesday \u043e\u0442 Microsoft 
\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 68 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Windows, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 6 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day.\n\n\u0421\u0440\u0435\u0434\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445: 12 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 2 -\u0441 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0438 55 - \u0432\u0430\u0436\u043d\u044b\u0435.\n\n\u041f\u043e \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u043c: 27 - \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 4 - \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 16 - RCE, 11 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 6 - DoS, 3 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433.\n\n\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0438\u0437\u044e\u043c\u0438\u043d\u043a\u0430 \u043f\u0430\u0442\u0447\u0430 - \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0432\u0443\u0445 CVE \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Exchange Server, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043a\u0430\u043a ProxyNotShell.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0436\u0435, \u0441\u043f\u0438\u0441\u043e\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 0-day 
\u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:\n\n- CVE-2022-41128: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u044f\u0437\u044b\u043a\u0430\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 Windows, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u041a\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u041b\u0435\u0441\u0438\u043d\u0435\u043c \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u044b \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google. \u0411\u0430\u0433\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Windows \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443.\n\n- CVE-2022-41091: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows Mark of the Web Security Bypass. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 MOTW, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u044b \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0432 Microsoft Office. \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u0432\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 Mark of the Web, \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0423\u0438\u043b\u043b\u043e\u043c \u0414\u043e\u0440\u043c\u0430\u043d\u043d\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b, \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 Zip-\u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows.\n\n- CVE-2022-41073: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u0438 \u043f\u0435\u0447\u0430\u0442\u0438 Windows, 
\u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0446\u0435\u043d\u0442\u0440\u043e\u043c Microsoft Threat Intelligence Center (MSTIC). \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\n- CVE-2022-41125: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043b\u0443\u0436\u0431\u044b \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438 \u043a\u043b\u044e\u0447\u0435\u0439 Windows CNG, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 Microsoft Threat Intelligence Center (MSTIC) \u0438 Microsoft Security Response Center (MSRC).\n\n- CVE-2022-41040: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Microsoft Exchange Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0430\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 GTSC \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 
\u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b Zero Day. \u041f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u0432 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c PowerShell \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n- CVE-2022-41082: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 GTSC \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u043d\u0438\u0446\u0438\u0430\u0442\u0438\u0432\u044b Zero Day. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043c\u043e\u0436\u0435\u0442 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0421\u0440\u0435\u0434\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u043c \u043f\u0430\u0442\u0447\u0435, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0442\u043e\u0438\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u2014 \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows\u00a0Kerberos (CVE-2022-37967),\u00a0Kerberos RC4-HMAC (CVE-2022-37966) \u0438 Microsoft Exchange Server (CVE-2022-41080) \u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0439 Windows Hyper-V (CVE-2022-38015).\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u044d\u0442\u0438\u043c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c, 
\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0440\u044f\u0434 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0442\u043e\u0447\u043a\u0430-\u0442\u043e\u0447\u043a\u0430 (PPTP), Microsoft Excel, Word, \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 ODBC, Office Graphics, SharePoint Server, JScript9, Chakra \u0438 Visual Studio, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Win32k, Overlay Filter \u0438 Group Policy.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 Patch Tuesday \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2022-11-09T14:40:05.000000Z"}, {"uuid": "1f6545be-f7d5-43ba-8e75-1f95ce2f2cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1688", "content": "#exploit\n1. 
Linux Kernel Exploit Development: 1-day case study\nhttps://blog.hacktivesecurity.com/index.php/2022/06/13/linux-kernel-exploit-development-1day-case-study\n\n2. CVE-2021-38003:\nVulnerability that exists in the V8 Javascript engine\nhttps://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003\n\n3. CVE-2022-41128:\nType confusion in Internet Explorer's JScript9 engine\nhttps://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html", "creation_timestamp": "2022-12-09T16:01:09.000000Z"}, {"uuid": "dbec4d3e-484b-43a6-9130-c918c6fdb297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4112", "type": "seen", "source": "https://t.me/cibsecurity/54866", "content": "\u203c CVE-2022-4112 \u203c\n\nThe Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T16:10:41.000000Z"}, {"uuid": "efb841ff-77bf-47db-adef-f2e2a1a55ed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7295", "content": "#tools \n#Offensive_security\n1. HTB: CarpeDiem\nhttps://0xdf.gitlab.io/2022/12/03/htb-carpediem.html\n2. SysmonEoP - PoC for arbitrary file delete/write in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)\nhttps://github.com/Wh04m1001/SysmonEoP\n3. 
Nim DLL Sideloading/proxying\nhttps://github.com/byt3bl33d3r/NimDllSideload", "creation_timestamp": "2022-12-04T13:55:46.000000Z"}, {"uuid": "6d419b23-15ba-4a05-93ba-19f596fb4209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41123", "type": "seen", "source": "https://t.me/cibsecurity/52770", "content": "\u203c CVE-2022-41080 \u203c\n\nMicrosoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:46:25.000000Z"}, {"uuid": "8345d8b7-8049-45ad-b479-0628af6a5414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "seen", "source": "https://t.me/cibsecurity/52748", "content": "\u203c CVE-2022-41118 \u203c\n\nWindows Scripting Languages Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-41128.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:42:25.000000Z"}, {"uuid": "5d3b742c-9058-4680-828c-e8e33f94c215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41125", "type": "seen", "source": "https://t.me/cibsecurity/52793", "content": "\u203c CVE-2022-41125 \u203c\n\nWindows CNG Key Isolation Service Elevation of Privilege Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:52:29.000000Z"}, {"uuid": "9e9b167a-3441-4fda-b09f-bbf24773b683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41128", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7324", "content": "#exploit\n1. Linux Kernel Exploit Development: 1-day case study\nhttps://blog.hacktivesecurity.com/index.php/2022/06/13/linux-kernel-exploit-development-1day-case-study\n\n2. CVE-2021-38003:\nVulnerability that exists in the V8 Javascript engine\nhttps://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003\n]-> https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003\n\n3. 
CVE-2022-41128:\nType confusion in Internet Explorer's JScript9 engine\nhttps://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html", "creation_timestamp": "2023-01-11T06:11:00.000000Z"}, {"uuid": "3471e3a8-0dc7-4dcd-8af1-6142f249520b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41120", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4375", "content": "concept of deleting/writing an arbitrary file in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)\n\nGithub\n\n#windows  #poc\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-04T10:02:38.000000Z"}]}