NikolaNews

PoC for Windows VCF zero-day published online

January 16, 2019
in Internet Security

A security researcher has published details and proof-of-concept (PoC) code for an unpatched Windows vulnerability that affects the way Windows handles vCard files (VCFs).

The vulnerability was discovered last year by security researcher John Page (@hyp3rlinx) and reported to Microsoft via Trend Micro’s Zero Day Initiative (ZDI) vulnerability disclosure program.

While Microsoft initially said in October that it would address the VCF vulnerability in this month’s Patch Tuesday security updates train, the OS maker changed its mind at the last moment and deferred the fix to Windows v.Next (the codename of the next major version of the Windows OS, known currently as 19H1, set for release in April 2019).

After the patch fell through, both the researcher and the ZDI program maintainers published security advisories about the vulnerability so that users and companies can take note, put mitigations in place, or issue internal security alerts until a fix is available in the spring.

According to both of these advisories, the vulnerability exists in the way the Windows OS processes vCard files (VCFs).

A threat actor can craft a malicious VCF that displays a benign-looking link which, when clicked by the user, can trigger the execution of malicious code instead of opening the URL. The researcher has published a demo of the vulnerability in action.

The good news is that, although this vulnerability can lead to remote code execution, it is not remotely exploitable, as it requires user interaction first.

ZDNet reached out to a few malware researchers about this zero-day today, and they explained that the vulnerability can be weaponized in a way that can be used for mass malware distribution campaigns.

The PoC shared by Page requires the presence of another secondary malicious file on the system, but that file could be easily hidden from the victim’s view by an attacker.

As always, the good ol’ advice of not opening files received from unknown sources over the internet stands.
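As an interim mitigation for the benign-looking link described above, a mail gateway or triage script can inspect vCard attachments before users open them. The following is an added example, not code from the researcher, ZDI or Microsoft; it assumes that a contact card's URL property should only ever hold a plain http(s) link with a host, and the function names and sample card are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: contact cards only need web links

def unfold(text):
    """Undo vCard line folding (a line starting with space/tab continues the previous)."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def url_properties(text):
    """Yield (unfolded_line_number, value) for each URL property in the card."""
    for n, line in enumerate(unfold(text), 1):
        name, sep, value = line.partition(":")
        if not sep:
            continue
        # Drop parameters (";TYPE=work") and an optional group prefix ("item1.").
        prop = name.split(";", 1)[0].rsplit(".", 1)[-1]
        if prop.strip().upper() == "URL":
            yield n, value.strip()

def check_url(value):
    """Return a reason if the value is not a plain http(s) URL with a host, else None."""
    if "\\" in value:
        return "contains a backslash (path-like value)"
    try:
        parts = urlsplit(value)
    except ValueError:
        return "not parseable as a URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme or '(none)'!r} is not http/https"
    if not parts.hostname:
        return "no host component"
    return None

def scan_vcf(text):
    """Return [(line, value, reason)] for every URL property that fails check_url."""
    return [(n, v, r) for n, v in url_properties(text) if (r := check_url(v))]

# Constructed sample card (not taken from the PoC or the advisories).
SAMPLE = """BEGIN:VCARD
VERSION:2.1
FN:Constructed Sample
URL;TYPE=work:https://example.com/team
item1.URL:file:///C:/Users/Public/notes.txt
URL:www.example.test/profile
NOTE:folded
  continuation
END:VCARD
"""

if __name__ == "__main__":
    for line, value, reason in scan_vcf(SAMPLE):
        print(f"line {line}: {value!r}: {reason}")
```

Scheme-less values are flagged as well, so expect some benign hits; the output is meant for quarantine or review, not as proof of a malicious card.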

© 2019 NikolaNews.com - Global Tech Updates
