lvarela-r7 (13)
Last Login: February 05, 2021
lvarela-r7's Latest (5) Contributions
Technical Analysis
Actively exploited in the wild, interesting take here: https://www.secpod.com/blog/windows-zero-day-vulnerability-being-exploited-in-the-wild-cve-2020-17087/?utm_source=Windows%20Zero%20Day%20Nov%2003&utm_medium=email&utm_campaign=Windows%20Zero%20Day%20November%2003
Technical Analysis
Good SECPod blog on the vulnerability, also showing this is being actively exploited.
https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October
Technical Analysis
Some of the gotchas on patching this vuln:
- Not restarting the vulnerable asset, even after you apply the patch, keeps the asset vulnerable. Must restart.
- There have been cases where, even with the patch reported as being installed, files on disk were vulnerable. To check termdd.sys manually: the file is normally located at C:\Windows\System32\drivers, and the version can be retrieved with this PowerShell command:
Get-Item -Path 'C:\Windows\System32\drivers\termdd.sys' | Format-List -Force
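Both gotchas above can be checked in one pass per host. The script below is an added example, not part of the original contribution: `$KbId` and `$MinimumVersion` are placeholders to be filled in from the vendor advisory for the OS build being checked, and the two registry paths are the standard Windows pending-restart markers (assumes PowerShell 3.0 or later).

```powershell
param(
    [string]  $KbId           = 'KB0000000',  # placeholder: hotfix id from the advisory
    [version] $MinimumVersion = '0.0.0.0',    # placeholder: first fixed termdd.sys version
    [string]  $DriverPath     = "$env:SystemRoot\System32\drivers\termdd.sys"
)

$findings = New-Object 'System.Collections.Generic.List[string]'
$onDisk   = $null

# Gotcha 1: the patch is reported as installed but the host was never restarted.
if (-not (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)) {
    $findings.Add("$KbId is not reported as installed")
}
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
foreach ($key in $rebootKeys) {
    if (Test-Path -Path $key) { $findings.Add("Restart pending: $key") }
}

# Gotcha 2: the file on disk is older than the fixed version.
# The numeric version parts are used because the FileVersion string can
# carry a branch suffix that does not parse as a version.
if (Test-Path -Path $DriverPath) {
    $vi     = (Get-Item -Path $DriverPath).VersionInfo
    $onDisk = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    if ($onDisk -lt $MinimumVersion) {
        $findings.Add("termdd.sys on disk is $onDisk, below $MinimumVersion")
    }
} else {
    $findings.Add("$DriverPath not found")
}

# One object per host, so results from many assets can be collected and filtered.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    OnDiskVersion = $onDisk
    Compliant     = ($findings.Count -eq 0)
    Findings      = $findings -join '; '
}
```

With the placeholder `0.0.0.0` left in place the version comparison always passes, so set `-MinimumVersion` before relying on the `Compliant` field.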
Firefox version 83 fixes this zero-day vulnerability. The bug could only be exploited if a rarely used, hidden preference is toggled. It only affects the Linux and Android operating systems. More details here: https://bugs.chromium.org/p/chromium/issues/detail?id=1139963