Last Login: December 18, 2020
lvarela-r7's Contributions (5)
Actively exploited in the wild, interesting take here: https://www.secpod.com/blog/windows-zero-day-vulnerability-being-exploited-in-the-wild-cve-2020-17087/?utm_source=Windows%20Zero%20Day%20Nov%2003&utm_medium=email&utm_campaign=Windows%20Zero%20Day%20November%2003
Good SECPod blog on the vulnerability, also showing this is being actively exploited.
Some of the gotchas on patching this vuln:
- Not restarting the vulnerable asset, even after you apply the patch, keeps the asset vulnerable. Must restart.
- There have been cases where, even with the patch reported as being installed, files on disk were vulnerable. For manually checking termdd.sys: the file is normally located at C:\Windows\System32\drivers, and the version is retrieved with this PowerShell command:
Get-Item -Path 'C:\Windows\System32\drivers\termdd.sys' | Format-List -Force
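
The two gotchas in the comment above can be checked together on a host. The following is an added example, not part of the original contribution; `$KbId` and `$MinFixedVersion` are placeholders to be filled in from the vendor advisory for the OS build being checked, and the function name is hypothetical.

```powershell
# Added example: local check for both patching gotchas (PowerShell 3.0 or later).
# $KbId and $MinFixedVersion are placeholders (assumptions), not real values.
param(
    [string]  $DriverPath      = 'C:\Windows\System32\drivers\termdd.sys',
    [string]  $KbId            = 'KB0000000',
    [version] $MinFixedVersion = '0.0.0.0'
)

function Get-DriverFileVersion {
    param([string] $Path)
    # Build the version from its numeric parts: the FileVersion string often
    # carries a build-lab suffix that does not parse as [version].
    $vi = (Get-Item -LiteralPath $Path -Force -ErrorAction Stop).VersionInfo
    New-Object -TypeName System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

$onDisk   = Get-DriverFileVersion -Path $DriverPath
$lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$hotfix   = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

# Gotcha: patch reported as installed, but the file on disk is still old.
$fileOk = $onDisk -ge $MinFixedVersion

# Gotcha: patch applied but the asset was never restarted.
# InstalledOn usually has day granularity, so a same-day boot is inconclusive.
$restarted = 'Unknown (hotfix not found or no install date)'
if ($hotfix -and $hotfix.InstalledOn) {
    $installDay = $hotfix.InstalledOn.Date
    if     ($lastBoot.Date -gt $installDay) { $restarted = 'Yes' }
    elseif ($lastBoot.Date -lt $installDay) { $restarted = 'No' }
    else                                    { $restarted = 'Unknown (booted on install day)' }
}

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    DriverPath         = $DriverPath
    VersionOnDisk      = $onDisk
    MinFixedVersion    = $MinFixedVersion
    FileVersionOk      = $fileOk
    HotfixReported     = [bool]$hotfix
    LastBoot           = $lastBoot
    RestartedSincePatch = $restarted
}
```

A host where `HotfixReported` is true but `FileVersionOk` is false, or where `RestartedSincePatch` is not `Yes`, needs manual follow-up.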