Rewterz Threat Advisory – CVE-2018-8256 & CVE-2018-8415 – Windows PowerShell Multiple Vulnerabilities

November 14, 2018

Multiple vulnerabilities in Windows PowerShell can be exploited to bypass logging restrictions and execute arbitrary code.

IMPACT: NORMAL

PUBLISH DATE: 11-14-2018

OVERVIEW

Multiple vulnerabilities have been reported in Windows PowerShell. By successfully exploiting them, malicious local users can bypass certain security restrictions. Malicious people may also compromise a vulnerable system. Updated versions are available.

ANALYSIS

The “ExpandArchive()” function contains an error when handling files. Successful exploitation allows malicious people to execute arbitrary code.

A second error, in how logging handles special characters, can be exploited to bypass logging restrictions and subsequently execute unlogged code.

AFFECTED PRODUCTS

Windows PowerShell 6.x

  • versions 6.0 prior to 6.0.5
  • 6.1 prior to 6.1.1
  • 6.2

UPDATES

Update to a fixed version if available.

  • Versions 6.0: Update to version 6.0.5.
  • Versions 6.1: Update to version 6.1.1.
  • Versions 6.2: Fixed in the source code repository.
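
The affected and fixed versions listed above, turned into a check an administrator can run against an inventory of PowerShell version strings. This is an added example, not part of the Rewterz advisory; the function name `Test-AdvisoryAffected`, its status labels and the sample inventory are assumptions constructed here.

```powershell
# Hypothetical helper (not a built-in cmdlet): classify a PowerShell version
# string against the version ranges given in this advisory.
function Test-AdvisoryAffected {
    param([Parameter(Mandatory)][string]$VersionString)

    # Accepts "6.0.4", "6.1.0-rc.1", "6.2.0-preview.1" and four-part "5.1.17763.1".
    if ($VersionString -notmatch '^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-(?<pre>.+))?$') {
        throw "Unrecognised version string: $VersionString"
    }
    $core = [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
    $isPrerelease = [bool]$Matches['pre']

    # Fixed releases exactly as listed in the advisory's UPDATES section.
    $fixedByBranch = @{ '6.0' = [version]'6.0.5'; '6.1' = [version]'6.1.1' }
    $branch = '{0}.{1}' -f $core.Major, $core.Minor

    $status = 'NotListed'   # version is outside the 6.x branches the advisory names
    $fixedIn = $null
    if ($fixedByBranch.ContainsKey($branch)) {
        $fixedIn = $fixedByBranch[$branch]
        # A prerelease of the fixed version sorts before it, so count it as affected.
        $affected = ($core -lt $fixedIn) -or ($core -eq $fixedIn -and $isPrerelease)
        $status = if ($affected) { 'Affected' } else { 'Fixed' }
    }
    elseif ($branch -eq '6.2') {
        # The advisory names no fixed 6.2 release, only a fix in the source repository.
        $status = 'VerifyBuild'
    }

    [pscustomobject]@{ Version = $VersionString; Status = $status; FixedIn = $fixedIn }
}

# Constructed sample inventory, plus the version of the host running this script.
$inventory = '6.0.4', '6.0.5', '6.1.0', '6.1.1', '6.2.0-preview.1', '5.1.17763.1'
$inventory += $PSVersionTable.PSVersion.ToString()
$inventory | ForEach-Object { Test-AdvisoryAffected $_ } | Format-Table -AutoSize
```

Hosts reported as `VerifyBuild` need a manual check that their 6.2 build includes the fix, since the advisory gives no release number for that branch.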

 

 

If you think you’re the victim of a cyber-attack, immediately send an email to soc@rewterz.com.
