Kusto hunting query for CVE-2021-40444

Introduction On September 7th 2021, Microsoft published customer guidance concerning CVE-2021-40444, an MSHTML Remote Code Execution Vulnerability: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.An attacker could craft a … Continue reading Kusto hunting query for CVE-2021-40444

Sentinel Query: Detect ZeroLogon (CVE-2020-1472)

In August 2020 Microsoft patched the ZeroLogon vulnerability CVE-2020-1472. In summary, this vulnerability would allow an attacker with a foothold in your network to become a domain admin in a few clicks. The attacker only needs to establish a network connection towards the domain controller. At NVISO we are supporting multiple clients with our MDR … Continue reading Sentinel Query: Detect ZeroLogon (CVE-2020-1472)