Saturday, July 5, 2025
Earth-News
New attack uses MSC files and Windows XSS flaw to breach networks

June 25, 2024

A novel command execution technique dubbed ‘GrimResource’ uses specially crafted MSC (Microsoft Saved Console) files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.

In July 2022, Microsoft disabled macros by default in Office, causing threat actors to experiment with new file types in phishing attacks. The attackers first switched to ISO images and password-protected ZIP files, as the file types did not properly propagate Mark of the Web (MoTW) flags to extracted files.

After Microsoft fixed this issue in ISO files and 7-Zip added the option to propagate MoTW flags, attackers were forced to switch to new attachments, such as Windows Shortcuts and OneNote files.

Attackers have now switched to a new file type, Windows MSC (.msc) files, which are used in the Microsoft Management Console (MMC) to manage various aspects of the operating system or create custom views of commonly accessed tools.

The abuse of MSC files to deploy malware was previously reported by South Korean cybersecurity firm Genian. Motivated by this research, the Elastic team discovered a new technique of distributing MSC files and abusing an old but unpatched Windows XSS flaw in apds.dll to deploy Cobalt Strike.

Elastic found a sample (‘sccm-updater.msc’) recently uploaded onto VirusTotal on June 6, 2024, which leverages GrimResource, so the technique is actively exploited in the wild. To make matters worse, no antivirus engines on VirusTotal flagged it as malicious.

While this campaign is using the technique to deploy Cobalt Strike for initial access to networks, it could also be used to execute other commands.

The researchers confirmed to BleepingComputer that the XSS flaw is still unpatched in the latest version of Windows 11.

How GrimResource works

The GrimResource attack begins with a malicious MSC file that attempts to exploit an old DOM-based cross-site scripting (XSS) flaw in the ‘apds.dll’ library, which allows the execution of arbitrary JavaScript through a crafted URL.

The vulnerability was reported to Adobe and Microsoft in October 2018, and while both investigated, Microsoft determined that the case did not meet the criteria for immediate fixing.

As of March 2019, the XSS flaw remained unpatched, and it is unclear if it was ever addressed. BleepingComputer contacted Microsoft to confirm if they patched the flaw, but a comment wasn’t immediately available.

The malicious MSC file distributed by attackers contains a reference to the vulnerable APDS resource in the StringTable section, so when the target opens it, MMC processes it and triggers the JS execution in the context of ‘mmc.exe.’

Reference to apds.dll redirect in StringTable
Source: Elastic Security
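
A static triage check for the StringTable reference described above, as an added example that is not from Elastic or the original article. The element names follow the usual .msc XML layout (an assumption), and the sample file is constructed with a harmless placeholder string.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed sample. Element names follow the usual .msc XML layout (assumed);
# the flagged string is a harmless placeholder, not a working reference.
SAMPLE_MSC = """<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0">
  <StringTables>
    <StringTable>
      <Strings>
        <String ID="1" Refs="1">Favorites</String>
        <String ID="2" Refs="1">PLACEHOLDER://APDS.DLL/placeholder</String>
        <String ID="3" Refs="2">Console Root</String>
      </Strings>
    </StringTable>
  </StringTables>
</MMC_ConsoleFile>
"""

NEEDLE = "apds.dll"

def _mentions_apds(text):
    # Undo percent-encoding and case tricks before matching.
    return NEEDLE in unquote(text).lower()

def find_apds_references(msc_xml):
    """Return (String ID, text) for every StringTable entry naming apds.dll."""
    try:
        # For untrusted files, defusedxml is a safer drop-in parser.
        root = ET.fromstring(msc_xml)
    except ET.ParseError:
        # A damaged file must not hide a reference: fall back to a raw match.
        return [("raw", NEEDLE)] if _mentions_apds(msc_xml) else []
    hits = []
    for table in root.iter("StringTable"):
        for entry in table.iter("String"):
            text = entry.text or ""
            if _mentions_apds(text):
                hits.append((entry.get("ID", "?"), text))
    return hits

if __name__ == "__main__":
    for string_id, text in find_apds_references(SAMPLE_MSC):
        print(f"suspicious StringTable entry ID={string_id}: {text}")
```
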

Elastic explains that the XSS flaw can be combined with the ‘DotNetToJScript’ technique to execute arbitrary .NET code through the JavaScript engine, bypassing any security measures in place.

The examined sample uses ‘transformNode’ obfuscation to evade ActiveX warnings, while the JS code reconstructs a VBScript that uses DotNetToJScript to load a .NET component named ‘PASTALOADER.’

The malicious VBScript file
Source: Elastic Security

PASTALOADER retrieves a Cobalt Strike payload from the environment variables set by the VBScript, spawns a new instance of ‘dllhost.exe,’ and injects it using the ‘DirtyCLR’ technique combined with function unhooking and indirect system calls.

Cobalt Strike injected into dllhost.exe
Source: Elastic Security

Elastic researcher Samir Bousseaden shared a demonstration of the GrimResource attack on X.

Demonstration of the GrimResource attack

Stopping GrimResource

In general, system administrators are advised to be on the lookout for the following:

  • File operations involving apds.dll invoked by mmc.exe.
  • Suspicious executions via MMC, especially processes spawned by mmc.exe with .msc file arguments.
  • RWX memory allocations by mmc.exe that originate from script engines or .NET components.
  • Unusual .NET COM object creation within non-standard script interpreters like JScript or VBScript.
  • Temporary HTML files created in the INetCache folder as a result of APDS XSS redirection.

Elastic Security has also published a complete list of GrimResource indicators on GitHub and provided YARA rules in the report to help defenders detect suspicious MSC files.
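
One way to correlate three of the indicators listed above (the apds.dll file operation, the INetCache HTML file, and the child process of an mmc.exe started with a .msc argument) per console process, as an added example that is not Elastic's rule set. The event schema and sample events are constructed and hypothetical; PID reuse is ignored.

```python
from collections import defaultdict

# Constructed telemetry; the field names are a hypothetical schema, not a real EDR format.
EVENTS = [
    {"type": "process", "pid": 4120, "parent_pid": 900, "image": "mmc.exe",
     "cmdline": r'mmc.exe "C:\Users\a\Downloads\sample.msc"'},
    {"type": "file_open", "pid": 4120, "path": r"C:\Windows\System32\apds.dll"},
    {"type": "file_create", "pid": 4120,
     "path": r"C:\Users\a\AppData\Local\Microsoft\Windows\INetCache\IE\X1\page[1].htm"},
    {"type": "process", "pid": 5200, "parent_pid": 4120, "image": "dllhost.exe",
     "cmdline": "dllhost.exe"},
    {"type": "process", "pid": 6000, "parent_pid": 900, "image": "mmc.exe",
     "cmdline": r"mmc.exe C:\Windows\System32\services.msc"},
    {"type": "file_open", "pid": 6000, "path": r"C:\Windows\System32\mmcndmgr.dll"},
]

def grimresource_signals(events):
    """Map each mmc.exe pid to the set of indicators it triggered."""
    # Index every mmc.exe instance first so event order does not matter.
    mmc = {e["pid"]: e["cmdline"].lower() for e in events
           if e["type"] == "process" and e["image"].lower() == "mmc.exe"}
    signals = defaultdict(set)
    for e in events:
        path = e.get("path", "").lower()
        if e["type"] == "file_open" and e["pid"] in mmc:
            if path.endswith("\\apds.dll"):
                signals[e["pid"]].add("apds_dll_open")
        elif e["type"] == "file_create" and e["pid"] in mmc:
            if "\\inetcache\\" in path and path.endswith((".htm", ".html")):
                signals[e["pid"]].add("inetcache_html")
        elif e["type"] == "process" and e.get("parent_pid") in mmc:
            # Child of a console that was launched with a .msc argument.
            if ".msc" in mmc[e["parent_pid"]]:
                signals[e["parent_pid"]].add("child_of_msc_console")
    return dict(signals)

def alerts(events, threshold=2):
    """Alert only when several indicators line up on one mmc.exe instance."""
    found = grimresource_signals(events)
    return sorted(pid for pid, hits in found.items() if len(hits) >= threshold)

if __name__ == "__main__":
    for pid in alerts(EVENTS):
        print(f"mmc.exe pid {pid}: {sorted(grimresource_signals(EVENTS)[pid])}")
```

Requiring at least two signals keeps an ordinary console session, such as the services.msc instance in the sample, from alerting on a single weak indicator.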

Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/new-grimresource-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/
