GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Untitled attachment

Download link

Notices where this attachment appears

  1. Embed this notice
    Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 12-Sep-2024 01:47:45 JST Will Dormann Will Dormann

    This is a fun one from Elastic Security Labs.
    https://www.elastic.co/security-labs/dismantling-smart-app-control

    In the process of canonicalizing the path in a LNK file when it is clicked on, Windows rewrites the LNK file, clobbering the Mark of the Web (MotW) along with it. The impact here is that things that rely on MotW, e.g. Smart App Control (SAC) or SmartScreen, fail to protect the user in any way with such files. This has been abused ITW for 6 years.

    MSRC has said that they might possibly address it in the future.
    There is no CVE for this, as Microsoft doesn't assign CVEs to vulnerabilities. They assign CVEs to fixes.

    In conversation about 2 months ago from infosec.exchange permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.