Vulnerability Management and more

2021-07-02 03:31:17 I often get mad that once a vulnerability is posted, no one changes its description, even if a serious mistake is found. And for MITRE / NVD this is indeed the case. But Microsoft sometimes corrects the vulnerability description. Therefore, CVE-2021-1675 "PrintNightmare" is now marked as RCE on the MS site. Respect! Open / Comment

2021-06-30 22:44:44 #PrintNightmare CVE-2021-1675 "Since the patch is currently not effective against the vulnerability, the most effective mitigation strategy is to disable the print spooler service itself." Open / Comment

2021-06-28 14:31:34 Hello, today I want to experiment with a new format. I will be reading last week’s news from my @avleonovnews channel, which I found the most interesting. I do this mostly for myself, but if you like it too, then that would be great.
Video:


Text version: https://avleonov.com/2021/06/28/last-weeks-security-news-cisco-asa-big-iq-vsphere-solaris-dlink-iphone-s-darkradiation-google-schema-john-mcafee/ Open / Comment

2021-06-24 02:11:33 How badass you were, John. Not life, but a blockbuster. It's very sad, indeed. Open / Comment

2021-06-15 12:03:30 Today I will talk about the Positive Hack Days conference, which took place on May 20 and May 21 in Moscow. I can say that this was and remains the main event for Information Security Practitioners in Russia.
Video:


Text version: https://avleonov.com/2021/06/15/phdays-10-u-s-sanctions-my-talk-on-vulristics-other-great-talks-related-to-vm/ Open / Comment

2021-06-09 03:49:35 I will not describe all the features of Microsoft Intune here. Simply because at this stage they are not very interesting to me. The task I needed to solve was how to get the timestamp of the last activity for all hosts in Microsoft Intune using the official API.
Video:


Text version: https://avleonov.com/2021/06/09/getting-hosts-from-microsoft-intune-mdm-using-python/ Open / Comment

2021-06-01 08:15:42 Metasploit Wrap-Up
#Rapid7Blog

"## RCE Exploit For CVE-2020-0796 (SMBGhost)
This week our very own Spencer McIntyre has added an exploit for CVE-2020-0796, which leverages a vulnerability within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol to gain unauthenticated remote code execution against unpatched Windows 10 v1903 and v1909 systems. Previously, Metasploit offered an LPE version of this exploit but not RCE support. The exploit is heavily based on the chompie1337/SMBGhost_RCE_PoC PoC.
Note that there is a high probability that, even when the exploit is successful, the remote target will crash within about 90..."

https://blog.rapid7.com/2021/05/28/metasploit-wrap-up-113/ Open / Comment

2021-06-01 08:15:07 More than a year has passed, and finally we got the SMBGhost RCE exploit just in Metasploit. By the way, it seems to me that there is a big problem that after the initial prioritization, no one monitors what happens with vulnerabilities further. Well, unless it's highlighted by the mainstream media.

Upd. SMBGhost was firstly mentioned in March 2020 MS Patch Tuesday review Open / Comment

2021-05-28 11:23:32 Yes, I completely agree with the results of this survey. This is why this is the main slide in my latest presentation about Vulnerability Prioritization. Open / Comment

2021-05-21 11:17:08 I arrived at the building and listen to Ilya Zuev about vulnerability scanning in Rambler. I'm next at 12:00 MSK. #phdays10 #studio2

You can watch it here: https://standoff365.com/phdays10/ Open / Comment