Security News > 2021 > March > Working Windows and Linux Spectre exploits found on VirusTotal
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal.
Voisin found the two working Linux and Windows exploits on the online VirusTotal malware analysis platform.
Unprivileged users can use the exploits to dump LM/NT hashes on Windows systems and the Linux /etc/shadow file from the targeted devices' kernel memory.
The linked exploits were uploaded on VirusTotal last month as part of a larger package, an Immunity Canvas 7.26 installer for Windows and Linux.
The company announced that CANVAS would provide security professionals and penetration testers with access to working Spectre exploits within months after the vulnerability was disclosed.
As Voisin said, the exploits will break if the machine it's executed on runs a patched Linux or Windows version.
News URL
Related news
- OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)