Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/wdormann/statuses/112957513771301859">Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 12-Sep-2024 01:47:45 JST</a><a href="https://infosec.exchange/@wdormann" title="wdormann@infosec.exchange"><img src="https://gnusocial.jp/avatar/232810-48-20240116185707.webp" width="48" height="48" alt="Will Dormann" style="position: absolute; left: 0; top: 0;">Will Dormann</a><div><a href="https://infosec.exchange/@wdormann/112910198749074984" rel="in-reply-to">in reply to</a></div></section><article><p>This month's Patch Tuesday addresses a MotW bypass: CVE-2024-38213</p><p>Of interest:<br>1) Microsoft mentions a SmartScreen bypass, but no mention of Smart App Control (SAC).  They do know that SAC is a thing, right?<br>2) It's a completely different vulnerability credited to Trend Micro. Apparently called  copy2pwn, as it involves copy and paste in the attack.</p><p>Apparently the Elastic Security labs issue, which doesn't require copy and paste, is not important enough to fix. Or give a CVE to.  🤷♂️</p><p><a href="https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2024-38213" rel="nofollow noreferrer">https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2024-38213</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3651109#notice-7154421">In conversation</a><time datetime="2024-09-12T01:47:45+09:00" title="Thursday, 12-Sep-2024 01:47:45 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@wdormann/112957513771301859" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@wdormann/112957513771301859">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3155205">Untitled attachment</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/957/512/255/975/954/original/70ab8f6b875f565a.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/957/512/255/975/954/original/70ab8f6b875f565a.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 12-Sep-2024 01:47:45 JST Will Dormann
in reply to
This month's Patch Tuesday addresses a MotW bypass: CVE-2024-38213
Of interest:
1) Microsoft mentions a SmartScreen bypass, but no mention of Smart App Control (SAC). They do know that SAC is a thing, right?
2) It's a completely different vulnerability credited to Trend Micro. Apparently called copy2pwn, as it involves copy and paste in the attack.
Apparently the Elastic Security labs issue, which doesn't require copy and paste, is not important enough to fix. Or give a CVE to. 🤷♂️
https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2024-38213
In conversationabout 2 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/112/957/512/255/975/954/original/70ab8f6b875f565a.png

Public

Embed Notice

HTML Code

Corresponding Notice