Activity Feed
- Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
- Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Technical Analysis
CVE-2022-33638
Description:
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, by getting the user to open an attachment sent through email, or send a chat message with a malicious with malicious attachment link.
STATUS:
- Medium Vulnerability;
WARNING!
- Dear all,
usual Users
, pleasekeep your Windows
Defender –Turned ON
!
- Don’t try to be heroes!
Note!
Windows Defender can protect you from an attack like this!
- This malicious web page is made on hand, and this will not be uploaded!
- For security reasons. From Microsoft are restricted a vectorizing attack technique on their domains, but not in 100% ;)
- The exploit will not be uploaded!
Proof and Exploit:
- Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
- Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Technical Analysis
CVE-2022-30174
Description:
Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.
WARNING:
Use your Windows Defender
turned
on
and update
him regularly!!!
Conclusion:
-
- So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
- So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
Tested on Windows 11.
365 don’t give a f*** what you give him to execute, it depends on the lure…
For the
usual users
: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎