Security News

A vulnerability in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to server running the vulnerable software. The issue is considered critical by the company and affects ManageEngine Desktop Central - a unified endpoint management solution - and ManageEngine Desktop Central MSP - endpoint management software for MSPs. If installations of the latter are compromised, attackers could use the access to compromise endpoints and networks of MSPs's client organizations.

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft's Patch Tuesday updates for November 2021.

In a proof-of-concept exploit, he demonstrated that it's possible to copy files from a chosen location into a Cabinet archive that the user can then open and read. I mean this is still unpatched and allow LPE if shadow volume copies are enabled; But I noticed that it doesn't work on windows 11 https://t. "The resulting.CAB file is then stored in the C:UsersPublicPublic DocumentsMDMDiagnostics folder, where the user can freely access it."

Free unofficial patches have been released to protect Windows users from a local privilege escalation zero-day vulnerability in the Mobile Device Management Service impacting Windows 10, version 1809 and later. While Microsoft has most likely also noticed Naceri's June disclosure, the company is yet to patch this LPE bug, exposing Windows 10 systems with the latest November 2021 security updates to attacks.

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.

Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend. On Sunday, Naceri published a working proof-of-concept exploit for this new zero-day, saying it works on all supported versions of Windows.

The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product. To be clear, one does need to be logged into a Windows box to elevate one's privileges, and it looks like Edge also needs to be installed - which is hard to avoid in most modern Windows installations these days.

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022.

The U.S. Federal Bureau of Investigation has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had their systems exploited in the wild. "The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a web shell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity," the agency said in an alert published this week.

A threat actor has been exploiting a zero-day vulnerability in FatPipe's virtual private network devices as a way to breach companies and gain access to their internal networks, since at least May, the FBI has warned. "As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021," the bureau said in a flash alert on Tuesday.