GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Will Dormann (wdormann@infosec.exchange)'s status on Saturday, 14-Sep-2024 03:25:25 JST Will Dormann Will Dormann

    This September's release of CVE-2024-38014 mitigates an entire class of LPE vulnerabilities on Windows. 🎉

    That is, prior to this update, a non-admin user can trigger an MSI repair operation, which might do some unsafe things with SYSTEM privileges.

    After this update, such MSI files will prompt the user for admin credentials.
    https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/

    In conversation about 10 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/131/590/878/553/924/original/04e9ba1d9ab88fcc.png

    2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/131/592/629/630/522/original/04e79a0758ba07c1.png
    3. Domain not in remote thumbnail source whitelist: sec-consult.com
      Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey
      Repair functions of Microsoft Windows MSI installers can be vulnerable in several ways, for instance allowing local attackers to escalate their privileges to SYSTEM rights. This vulnerability is referenced as CVE-2024-38014.

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.