privilege escalation

Pierluigi Paganini August 27, 2020
Microsoft fixes code execution, privilege escalation in Microsoft Azure Sphere

Microsoft addressed vulnerabilities in Microsoft Azure Sphere that could lead to the execution of arbitrary code or to the elevation of privileges. Microsoft has recently addressed some vulnerabilities impacting Microsoft Azure Sphere that could be exploited by attackers to execute arbitrary code or to elevate privileges. Azure Sphere OS adds layers of protection and ongoing security […]

Pierluigi Paganini June 01, 2020
VMware addresses Fusion flaw introduced in the attempt to fix CVE-2020-3950 issue

VMware has released an update to address a privilege escalation flaw in VMware for the macOS version of Fusion that was introduced by a previous patch. In March, VMware patched a high-severity privilege escalation vulnerability (CVE-2020-3950) in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The CVE-2020-3950 is a privilege escalation vulnerability caused by the […]

Pierluigi Paganini May 22, 2020
Experts found a Privilege escalation issue in Docker Desktop for Windows

A severe privilege escalation vulnerability, tracked as CVE-2020-11492, has been addressed in the Windows Docker Desktop Service.  Cybersecurity researchers from Pen Test Partners publicly disclosed a privilege escalation vulnerability in the Windows Docker Desktop Service.  The CVE-2020-11492 issue affects the way the service uses named pipes when communicating as a client to child processes.  “Docker Desktop for […]

Pierluigi Paganini April 01, 2020
Experts published PoC exploits for CVE-2020-0796 privilege escalation flaw on Windows

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked as SMBGhost, that can be exploited by attackers for local privilege escalation. Cybersecurity firms Kryptos […]

Pierluigi Paganini March 18, 2020
VMware fixes high severity privilege escalation and DoS in its products

VMware released security updates to address high severity privilege escalation and DoS in the Workstation, Fusion, VMware Remote Console and Horizon Client. VMware has released security updates to address high severity privilege escalation and denial-of-service (DoS) flaws in the Workstation, Fusion, Remote Console and Horizon Client. The two security vulnerabilities have been tracked as CVE-2020-3950 and CVE-2020-3951 respectively. The CVE-2020-3950 is […]

Pierluigi Paganini January 15, 2020
VMware addresses flaws in VMware Tools and Workspace ONE SDK

VMware has released security updates to address a local privilege escalation vulnerability in VMware Tools version 10 for Windows. VMware has released VMware Tools 11.0.0 that addresses a local privilege escalation issue in Tools 10.x.y tracked as CVE-2020-3941. The issue, classified as a race condition flaw that could be exploited by an attacker to access […]

Pierluigi Paganini October 11, 2019
Tens of million PCs potentially impacted by a flaw in HP Touchpoint Analytics

SafeBreach experts discovered that the HP Touchpoint Analytics service is affected by a potentially serious vulnerability. Security researchers at SafeBreach have discovered that the HP Touchpoint Analytics service is affected by a serious flaw tracked as CVE-2019-6333. The vulnerability received a CVSS score of 6.7 (medium severity). The TouchPoint Analytics is a service that allows the vendor to […]

Pierluigi Paganini September 23, 2019
Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. Security expert Peleg Hadar of SafeBreach Labs discovered a privilege escalation vulnerability, tracked as CVE-2019-6145, that affects all versions of VPN Client for Windows except the latest release. The […]

Pierluigi Paganini September 05, 2019
Zero-day vulnerability in Android OS yet to be patched

Maintainers of the Android Open Source Project (AOSP) failed to address a privilege escalation bug in the Android mobile OS that was reported six months ago. Experts disclosed details of a zero-day vulnerability that affects the Android mobile operating system. The high-severity zero-day issue resides in the driver for the Video For Linux 2 (V4L2) […]

Pierluigi Paganini August 23, 2019
Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes

Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) tracked as CVE-2019-6177. Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. “A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log […]