0day And Hitlist Week 01102024 Work ((install)) Today

Understanding 0-Day Exploits and Hitlist Weeks: A Cybersecurity Perspective

01102024

Review your logs for . If you see outbound connections to non-standard ports (4443, 8088) or anomalous clfs.sys calls, you may have been on the hitlist yourself. The 0days are patched. The question is: did your work catch them in time?

A. Ivanti Connect Secure & Policy Secure (CVE-2023-46805 & CVE-2024-21887)

    Tracked under a temporary identifier (awaiting CVE assignment), this 0day targeted the clfs.sys driver. Researchers noticed that the exploit leveraged a race condition in the log file’s base record validation. The required to weaponize this was significant: attackers needed to trigger a specific sequence of CreateLogFile and FlushBuffers calls. However, once stable, it granted SYSTEM-level access on fully patched Windows 11 23H2 and Server 2022.

    Status:

    High Volume N-Day Exploitation

    The first 0day of the week was reported by Microsoft's Threat Intelligence Center (MSTIC) on October 2nd. Exploitation chains observed in the wild used a malicious printer driver to escape Low Integrity Level sandboxes. The key nuance? This 0day bypassed Patch Tuesday’s August mitigations for a related bug (CVE-2024-38124).