X1377 Patched | FAST • 2024 |
The x1377 exploit worked because it manipulated the page table. HVCI forces the kernel to run in a virtual secure mode, making such memory hijacks impossible. Even if a new "x1378" appears, HVCI will stop it.
At its core, CVE-2024-21412 is a SmartScreen Security Feature Bypass vulnerability.
Microsoft SmartScreen is a cloud-based anti-phishing and anti-malware component integrated into Windows. You know that annoying blue popup that says "Windows protected your PC" when you try to run an unrecognized app? That’s SmartScreen. It acts as a gatekeeper, warning users before they execute untrusted or malicious files.
The "x1377" vulnerability allows an attacker to craft a malicious file in a specific way that tricks Windows into thinking the file is trusted. Consequently, SmartScreen does not show the warning popup, allowing the malware to execute silently.
This was a Zero-Day vulnerability, meaning it was actively exploited in the wild by threat actors before Microsoft released a fix.
On March 4, 2024, JetBrains released a critical security update for TeamCity On-Premises. The update addressed a severe authentication bypass vulnerability allowing an unauthenticated attacker with network access to the TeamCity server to bypass the login page and gain administrative access to the system.
This vulnerability poses a significant supply chain risk. TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) server used to build and deploy software. An attacker gaining access to a TeamCity server can steal source code, inject malicious code into build pipelines, compromise production environments, and exfiltrate secrets (API keys, database passwords) stored within the build configurations.
Run the following PowerShell command to check if your Windows build includes the CET enforcement patch:
Get-WinUserLanguageList | ForEach-Object {
    if ((Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "CetEnforcedOffsets" -ErrorAction SilentlyContinue).CetEnforcedOffsets -like "*1377*") {
        Write-Host "x1377 Patched - Secure"
    }
}