每日安全动态推送(09-09)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• [Windows] WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day:
https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/

   ・ Windows WSUS 更新服务 CVE-2020-1013 提权漏洞的利用 – Jett


• [Tools] Using Qiling to resolve obfuscated import on windows:
https://gist.github.com/y0ug/b83fcf121f80d419c8d5eb342ca31a59

   ・ 利用 Qiling 框架自动化分析混淆样本的导入表信息 – Jett


• [Android] Attacking the Qualcomm Adreno GPU:
https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html

   ・ 从 Android App 沙箱内攻击 Qualcomm Adreno GPU,实现内核代码执行 – Jett


• [Tools] Creating Extensions for Visual Studio Code: A Complete Guide | Syncfusion Blogs:
https://www.syncfusion.com/blogs/post/creating-extensions-for-visual-studio-code-a-complete-guide.aspx

   ・ 为Visual Studio Code创建新扩展功能:完整指南手册。 – lanying37


• [Windows] TALOS-2020-1098 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1098

   ・ Windows 10 CLFS.sys ValidateRegionBlocks 堆溢出漏洞分析 – Jett


• Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers:
https://threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/

   ・ Adobe 发布补丁更新,修复多个产品的多个的漏洞 – Jett


• [Tools, Windows] 2051 - Windows: CloudExperienceHostBroker Unsafe COM Object EoP - project-zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2051

   ・ Issue 2051: Windows: CloudExperienceHostBroker Unsafe COM Object EoP  – Jett


• [Fuzzing] [PDF] https://hexgolems.com/talks/fuzzcon2020.pdf:
https://hexgolems.com/talks/fuzzcon2020.pdf

   ・ Fuzzcon 2020 会议 “Stateful Fuzzing with Snapshots” 议题的 PPT – Jett


• GitHub - saaramar/echo_googlequals2020:
https://github.com/saaramar/echo_googlequals2020

   ・ Google Quals CTF 2020 Echo PWN Challenge Writeup – Jett


• [Linux] Introduction to Embedded Linux Security - part 1:
https://embeddedbits.org/introduction-embedded-linux-security-part-1/

   ・ 嵌入式Linux安全性介绍-第1部分。 – lanying37


• September 2020 Security Updates:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

   ・ 微软发布 9 月份 Windows 补丁更新 – Jett


• DmEnrollment Service - MDMdiagnostics - Google Docs:
https://docs.google.com/document/d/120J4YG5FoycAsOhMe0SRYt_8sgEYY8A23tQBRwR5zSU/edit#

   ・ DmEnrollment 服务 MDMdiagnostics 注册表项权限问题导致本地提权 – Jett


• [Web] h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c):
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c

   ・ h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: