Microsoft Online Service Acknowledgements April 2020
In April 2020, I was proud to be included on the Microsoft Online Service Acknowledgements page. 🙂 https://msrc.microsoft.com/update-guide/en-us/acknowledgement/online
TrendMicro – CVE-2021-28646
I was reviewing TrendMicro products as part of an engagement and I found a permissions issue whereby a log file wasn’t configured correct permissions, and additionally I could take control of the permissions of the file. I reported this issue to the Trend team who issued two bulletins for products which are affected. SECURITY BULLETIN:Continue reading TrendMicro – CVE-2021-28646
Zyxel – CVE-2020-27667
Zyxel OneNetwork Utility V2.1.4C0 Towards the end of last year I reported a privilege escalation vulnerability to Zyxel which was found in their OneNetwork Utility which has now been fixed. This issue was easy to find and demonstrates the importance of validating applications for low hanging privilege escalation vectors. On installation, the application has weakContinue reading Zyxel – CVE-2020-27667