all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Micropatches Released For Two Windows CNG Key Isolation Service Vulnerabilities (CVE-2023-28229, CVE-2023-36906)

Add to bookmarks
Oct. 9, 2023, 5:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

 


Last month, security researcher @k0shl of Cyber Kunlun published a proof-of-concept for CVE-2023-28229, an elevation of privilege vulnerability in CNG Key Isolation Service. The same POC also demonstrated exploitation of CVE-2023-36906, an information disclosure vulnerability in the same service discovered by the same researcher.

Microsoft had previously provided fixes for these issues in April and August 2023, respectively. According to CISA, CVE-2023-28229 was found to be exploited in the wild.

 

CVE-2023-28229

This bug is a race condition …

concept cve cyber disclosure elevation of privilege exploitation fixes information information disclosure information disclosure vulnerability isolation key microsoft poc privilege proof proof-of-concept researcher security security researcher service vulnerabilities vulnerability windows

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Phishing multibanking sfrutta nome e loghi della Presidenza del Consiglio dei Ministri 29 minutes ago | malware.news
cert dei non phishing
RSAC 2024: Session speakers explore practical applications of AI an hour ago | malware.news
applications article can conference +11
ISC Stormcast For Thursday, May 9th, 2024 https://isc.sans.edu/podcastdetail/8974, (Thu, May 9th) 2 hours ago | malware.news
topic
Tech firms pledge to release products with built-in security features 7 hours ago | malware.news
agency companies cybersecurity design +11
Why Protecting Public Sector Personnel’s Devices is Essential 8 hours ago | malware.news
attackers attacks can case +29
RSAC 2024: Securing ‘fragmented’ identities in the cloud age 9 hours ago | malware.news
access age article assessments +15
Ransomware Attacks are Up, but Profits are Down: Chainalysis 12 hours ago | malware.news
attacks chainalysis control cyber +20
Apple security advisory (AV24-247) 12 hours ago | malware.news
advisory apple apple security article +8
‘TunnelVision’ DHCP flaw lets attackers bypass VPNs, redirect traffic 12 hours ago | malware.news
article attackers bypass dhcp +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Assistant Manager, IT Security

@ CIMB | Cambodia
View on infosec-jobs.com

IT Security Engineer - GRC

@ Xtremax | Bandung City, West Java, Indonesia
View on infosec-jobs.com

Senior Engineer - Application Security

@ ANZ Banking Group Limited | Quezon City, PH
View on infosec-jobs.com

Penetration Tester Manager

@ RSM | USA-IL-Chicago-30 South Wacker Drive, Suite 3300
View on infosec-jobs.com

Offensive Security Engineer, Device Wireless Connectivity

@ Google | Amsterdam, Netherlands
View on infosec-jobs.com

IT Security Analyst I

@ Mitsubishi Heavy Industries | Houston, TX, US, 77046
View on infosec-jobs.com
View more jobs