* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, July 26, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    City of Pelham announces entertainment district plans for former Oak Mountain Amphitheatre site – WVTM

    Pelham Unveils Exciting New Entertainment District Plans for Former Oak Mountain Amphitheatre Site

    Black Box Players presents ‘The Three Musketeers’ – CBS 19 News

    Experience the Adventure: Black Box Players Bring ‘The Three Musketeers’ to Life!

    AP Entertainment SummaryBrief at 1:51 p.m. EDT – Channel 3000

    Entertainment Highlights: Key Updates You Can’t Miss

    ‘Devil Wears Prada 2’ casts Anne Hathaway’s love interest replacing Adrian Grenier’s Nate – Entertainment Weekly

    Devil Wears Prada 2′ Casts New Love Interest for Anne Hathaway, Replacing Adrian Grenier’s Nate

    12 ‘Late Show’ Moments Proving Stephen Colbert Can’t Be Replaced – The Mountaineer

    12 Unforgettable ‘Late Show’ Moments That Prove Stephen Colbert Is Truly One of a Kind

    Canes owner Tom Dundon’s real estate firm eyes entertainment complex near RDU – The Business Journals

    Canes Owner Tom Dundon’s Real Estate Firm Unveils Plans for Thrilling New Entertainment Complex Near RDU

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    Google Cloud Announced as a Key Technology Partner for Odoo Connect 2025 in San Francisco – GlobeNewswire

    Google Cloud Announced as a Key Technology Partner for Odoo Connect 2025 in San Francisco – GlobeNewswire

    Behind the Screens: The Impact of Technology on Real Estate – TRREB

    Behind the Screens: How Technology is Transforming the Future of Real Estate

    Sustainserv and Palau Announce Technology Partnership to Leverage Innovative AI Platform to Advance Sustainability Reporting – Business Wire

    Sustainserv and Palau Team Up to Transform Sustainability Reporting with Breakthrough AI Technology

    Morgan Adamski Joins PwC in Newly Created Cyber, Data & Technology Risk Division – HSToday

    Morgan Adamski Leads the Charge in PwC’s Cutting-Edge Cyber, Data & Technology Risk Division

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    City of Pelham announces entertainment district plans for former Oak Mountain Amphitheatre site – WVTM

    Pelham Unveils Exciting New Entertainment District Plans for Former Oak Mountain Amphitheatre Site

    Black Box Players presents ‘The Three Musketeers’ – CBS 19 News

    Experience the Adventure: Black Box Players Bring ‘The Three Musketeers’ to Life!

    AP Entertainment SummaryBrief at 1:51 p.m. EDT – Channel 3000

    Entertainment Highlights: Key Updates You Can’t Miss

    ‘Devil Wears Prada 2’ casts Anne Hathaway’s love interest replacing Adrian Grenier’s Nate – Entertainment Weekly

    Devil Wears Prada 2′ Casts New Love Interest for Anne Hathaway, Replacing Adrian Grenier’s Nate

    12 ‘Late Show’ Moments Proving Stephen Colbert Can’t Be Replaced – The Mountaineer

    12 Unforgettable ‘Late Show’ Moments That Prove Stephen Colbert Is Truly One of a Kind

    Canes owner Tom Dundon’s real estate firm eyes entertainment complex near RDU – The Business Journals

    Canes Owner Tom Dundon’s Real Estate Firm Unveils Plans for Thrilling New Entertainment Complex Near RDU

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    Google Cloud Announced as a Key Technology Partner for Odoo Connect 2025 in San Francisco – GlobeNewswire

    Google Cloud Announced as a Key Technology Partner for Odoo Connect 2025 in San Francisco – GlobeNewswire

    Behind the Screens: The Impact of Technology on Real Estate – TRREB

    Behind the Screens: How Technology is Transforming the Future of Real Estate

    Sustainserv and Palau Announce Technology Partnership to Leverage Innovative AI Platform to Advance Sustainability Reporting – Business Wire

    Sustainserv and Palau Team Up to Transform Sustainability Reporting with Breakthrough AI Technology

    Morgan Adamski Joins PwC in Newly Created Cyber, Data & Technology Risk Division – HSToday

    Morgan Adamski Leads the Charge in PwC’s Cutting-Edge Cyber, Data & Technology Risk Division

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

New attack uses MSC files and Windows XSS flaw to breach networks

June 25, 2024
in Technology
New attack uses MSC files and Windows XSS flaw to breach networks
Share on FacebookShare on Twitter

Windows

A novel command execution technique dubbed ‘GrimResource’ uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.

In July 2022, Microsoft disabled macros by default in Office, causing threat actors to experiment with new file types in phishing attacks. The attackers first switched to ISO images and password-protected ZIP files, as the file types did not properly propagate Mark of the Web (MoTW) flags to extracted files.

After Microsoft fixed this issue in ISO files and 7-Zip added the option to propagate MoTW flags, attackers were forced to switch to new attachments, such as Windows Shortcuts and OneNote files.

Attackers have now switched to a new file type, Windows MSC (.msc) files, which are used in the Microsoft Management Console (MMC) to manage various aspects of the operating system or create custom views of commonly accessed tools.

The abuse of MSC files to deploy malware was previously reported by South Korean cybersecurity firm Genian. Motivated by this research, the Elastic team discovered a new technique of distributing MSC files and abusing an old but unpatched Windows XSS flaw in apds.dll to deploy Cobalt Strike.

Elastic found a sample (‘sccm-updater.msc’) recently uploaded onto VirusTotal on June 6, 2024, which leverages GrimResource, so the technique is actively exploited in the wild. To make matters worse, no antivirus engines on VirusTotal flagged it as malicious.

While this campaign is using the technique to deploy Cobalt Strike for initial access to networks, it could also be used to execute other commands.

The researchers confirmed to Bleepingcomputer that the XSS flaw is still unpatched in the latest version of Windows 11.

How GrimResource works

The GrimResource attack begins with a malicious MSC file that attempts to exploit an old DOM-based cross-site scripting (XSS) flaw in the ‘apds.dll’ library, which allows the execution of arbitrary JavaScript through a crafted URL.

The vulnerability was reported to Adobe and Microsoft in October 2018, and while both investigated, Microsoft determined that the case did not meet the criteria for immediate fixing.

As of March 2019, the XSS flaw remained unpatched, and it is unclear if it was ever addressed. BleepingComputer contacted Microsoft to confirm if they patched the flaw, but a comment wasn’t immediately available.

The malicious MSC file distributed by attackers contains a reference to the vulnerable APDS resource in the StringTable section, so when the target opens it, MMC processes it and triggers the JS execution in the context of ‘mmc.exe.’

Reference to apds.dll redirect in StringTableReference to apds.dll redirect in StringTable
Source: Elastic Security

Elastic explains that the XSS flaw can be combined with the ‘DotNetToJScript’ technique to execute arbitrary .NET code through the JavaScript engine, bypassing any security measures in place.

The examined sample uses ‘transformNode’ obfuscation to evade ActiveX warnings, while the JS code reconstructs a VBScript that uses DotNetToJScript to load a .NET component named ‘PASTALOADER.’

The malicious VBScript fileThe malicious VBScript file
Source: Elastic Security

PASTALOADER retrieves a Cobalt Strike payload from the environment variables set by the VBScript, spawns a new instance of ‘dllhost.exe,’ and injects it using the ‘DirtyCLR’ technique combined with function unhooking and indirect system calls.

Cobalt Strike injected into dllhost.exeCobalt Strike injected into dllhost.exe
Source: Elastic Security

Elastic researcher Samir Bousseaden shared a demonstration of the the GrimResource attack on X.

Demonstration of the GrimResource attack
Demonstration of the GrimResource attack

Stopping GrimResource

In general, system administrators are advised to be on the lookout for the following:

File operations involving apds.dll invoked by mmc.exe.
Suspicious executions via MCC, especially processes spawned by mmc.exe with .msc file arguments.
RWX memory allocations by mmc.exe that originate from script engines or .NET components.
Unusual .NET COM object creation within non-standard script interpreters like JScript or VBScript.
Temporary HTML files created in the INetCache folder as a result of APDS XSS redirection.

Elastic Security has also published a complete list of GrimResource indicators on GitHub and provided YARA rules in the report to help defenders detect suspicious MSC files.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/new-grimresource-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/

Tags: AttackFilestechnology
Previous Post

Indiana Women’s Basketball Coach Teri Moren Wins Gold Medal With USA U18 Team

Next Post

Chrome for Android tests feature that securely verifies your ID with sites

Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

July 25, 2025
From sports day to shelter: Thai family flees shelling from Cambodia – Reuters

From sports day to shelter: Thai family flees shelling from Cambodia – Reuters

July 25, 2025
When can we detect lianas from space? Toward a mechanistic understanding of liana-infested forest optics – ESA Journals

Unveiling Forest Canopies: How Satellite Technology Detects Lianas from Space

July 25, 2025
China launches world’s first robot that can run by itself 24/7 — watch it change its own batteries in unsettling new footage – Live Science

China launches world’s first robot that can run by itself 24/7 — watch it change its own batteries in unsettling new footage – Live Science

July 25, 2025
Enjoy Indoor Summer Fun at This Science Center in Rye, New Hampshire – Only In Your State

Discover Exciting Indoor Summer Adventures at This Science Center in Rye, New Hampshire

July 25, 2025
Superhero Lifestyle Collections – Trend Hunter

Discover the Ultimate Superhero Lifestyle Collections Transforming Everyday Living

July 25, 2025
How to watch Katie Ledecky at the 2025 World Swimming Championships – NBC Sports

Don’t Miss a Second: How to Watch Katie Ledecky Shine at the 2025 World Swimming Championships

July 25, 2025
Space Foundation Study: Space economy worth $600bn+ – news.satnews.com

Space Foundation Study: Space economy worth $600bn+ – news.satnews.com

July 25, 2025
City of Pelham announces entertainment district plans for former Oak Mountain Amphitheatre site – WVTM

Pelham Unveils Exciting New Entertainment District Plans for Former Oak Mountain Amphitheatre Site

July 25, 2025
Advocates talk benefits of single-payer health care in Greenfield forum – Athol Daily News

Advocates Highlight the Benefits of Single-Payer Health Care at Greenfield Forum

July 25, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (738)
  • Economy (762)
  • Entertainment (21,643)
  • General (16,102)
  • Health (9,800)
  • Lifestyle (770)
  • News (22,149)
  • People (764)
  • Politics (771)
  • Science (15,977)
  • Sports (21,260)
  • Technology (15,745)
  • World (745)

Recent News

Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

July 25, 2025
From sports day to shelter: Thai family flees shelling from Cambodia – Reuters

From sports day to shelter: Thai family flees shelling from Cambodia – Reuters

July 25, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version