Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112677597404808334">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 25-Jun-2024 22:56:43 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20240926225417.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112676854012984300" rel="in-reply-to">in reply to</a></div></section><article><p>This GrimResource issue is..  Grim.  Here's the PoC listed above, it's just easy code execution as the HTML code executes as the local computer context.  I expect this one to explode in crimeware groups as it is so easy to exploit.  Microsoft need to fix it.</p><p>I can see clear historic misuse on VirusTotal - also red team firms using .msc files via MMC to, for example, get SMB hashes via WebDAV as it appears MMC just yolo contacts anything and auto logs in.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3275735#notice-6484272">In conversation</a><time datetime="2024-06-25T22:56:43+09:00" title="Tuesday, 25-Jun-2024 22:56:43 JST">about 5 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112677597404808334" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112677597404808334">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2828761">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/112/677/568/138/470/832/original/cbfe22ed50af4ece.png" rel="external">https://cyberplace.social/system/media_attachments/files/112/677/568/138/470/832/original/cbfe22ed50af4ece.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 25-Jun-2024 22:56:43 JST Kevin Beaumont
in reply to
This GrimResource issue is.. Grim. Here's the PoC listed above, it's just easy code execution as the HTML code executes as the local computer context. I expect this one to explode in crimeware groups as it is so easy to exploit. Microsoft need to fix it.
I can see clear historic misuse on VirusTotal - also red team firms using .msc files via MMC to, for example, get SMB hashes via WebDAV as it appears MMC just yolo contacts anything and auto logs in.
In conversationabout 5 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/112/677/568/138/470/832/original/cbfe22ed50af4ece.png

Public

Embed Notice

HTML Code

Corresponding Notice