all InfoSec news
Micropatches For Another Remote Windows Event Log Denial Of Service ("LogCrusher", no CVE)
Malware Analysis, News and Indicators - Latest topics malware.news
While recently patching the (still 0day) "EventLogCrasher" vulnerability, we came across another similar vulnerability published in January 2023 by Dolev Taler, a security researcher at Varonis.
Dolev's article details two Windows Event Log-related vulnerabilities they had reported to Microsoft in May 2022: one ("LogCrusher") allowing a remote attacker to crash the Event Log service on any computer in a Windows domain, and the other ("OverLog") allowing for remotely filling up the disk on any domain computer by misusing …
0day article attacker cve denial of service event january log may may 2022 microsoft patching researcher security security researcher service varonis vulnerabilities vulnerability windows