The exploit involves creating a malicious Windows theme file that contains a link to an attacker-controlled SMB server. When the victim opens this theme file, their NTLM hash is captured by the attacker. This vulnerability is identified as CVE-2024-21320.
The exploit involves abusing MS Office URI schemes to fetch a document from a remote source. By invoking a specific URI scheme on a victim computer, an attacker can capture and relay the NTLMv2 hash over SMB and HTTP.
The Ancillary Function Driver for WinSock in Microsoft Windows 11 Pro 23H2 allows local users to gain elevated privileges via a crafted application. This vulnerability is identified as CVE-2024-38193.
The exploit allows an attacker to escalate privileges on Microsoft Windows 11 systems by leveraging a vulnerability in the kernel. By manipulating IOCTL buffers and exploiting the SystemHandleInformation method, an attacker can gain elevated privileges on the target system. This vulnerability has been assigned CVE-2024-21338.
The Microsoft Windows XRM-MS file type, associated with software licensing, allows adversaries to inject XML stylesheets pointing to LAN network shares or attacker-controlled infrastructure. This leads to outbound connections that leak the target's NTLM hash. The exploit works through LAN network shares or remote drive-by downloads and requires user interaction to open the file. The XRM-MS file type bypasses some security measures and appears trustworthy, as it defaults to opening in Internet Explorer or Edge on Windows systems.
The Microsoft library-ms file format was found to have an NTLM hash disclosure vulnerability, where sensitive information could be exposed. Initially considered not severe by MSRC in 2018, it was later acknowledged by Microsoft and assigned CVE-2025-24054 in 2025. This vulnerability allows remote attackers to access sensitive information.
The exploit allows an attacker to elevate privileges on Microsoft Windows 11 23H2 by exploiting a vulnerability in the CLFS.sys driver.
The exploit targets Windows 10 and 11 (builds earlier than 10.0.26100.1457) and Windows Server 2016, 2019 and 2022 (builds earlier than 10.0.17763.6189), allowing an attacker to cause a denial of service. By corrupting tcpip.sys memory per batch, the attacker can disrupt the normal functioning of the system. This vulnerability is identified as CVE-2024-38063.
Windows Defender fails to detect and prevent execution of TrojanWin32Powessere.G when it is launched via rundll32.exe; normally, such execution is blocked with an 'Access is denied' error. The bypass was first disclosed in 2022 by passing an extra path traversal with mshtml, which was later mitigated. Subsequently, on Feb 7, 2024, using multiple commas as part of the path allowed bypassing the mitigation until it was fixed. Another trivial bypass was discovered soon after.
The exploit targets Microsoft Windows 10.0.17763.5458 and allows for privilege escalation within the kernel. By exploiting this vulnerability, an attacker could gain elevated privileges on the system.