Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
Settings
Settings
Dynamic quotes 
OFFON

MarketScreener Homepage  >  News  >  Companies  >  All News

News : Companies
Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance ProfessionalsCalendarSectors
All News
Analyst Recommendations
Rumors
IPOs
Capital Markets Transactions
New Contracts
Profits warnings
Appointments
Press Releases
Events
Corporate actions

Rapid7 : Metasploit Wrap-Up

share with twitter share with LinkedIn share with facebook
share via e-mail
0
08/23/2019 | 01:31pm EDT

All about that RPD

Things have been ramping back up as we have been getting back up to speed as we have rehydrated from our trek to the desert and now we have two Exploits That Shall Not Be Named focusing our attention on RDP. For now improvements to our protocol handling have focused on things that should be relevant into the future: TLS improvements by cnotin and CredSSP-based fingerprinting support by zeroSteiner based on work by Tom Sellers using Nmap.

Maldocs for all!

Word processing documents with malicious code (maldocs) have become quite a common vector for mass-exploitation over phishing. While most research has centered around Microsoft products, LibreOffice has also had a few vulnerabilities in this area. This week, we landed another file format exploit that uses an event listener to trigger silent, interactionless Python code execution in one of LibreOffice's bundled components. Contributed by LoadLow and gotten over the line by bcoles and our own Shelby Pace, it affects LibreOffice versions

New modules (1)

Enhancements and features

  • PR #12214 - This explicitly enables TLS 1.0 support with the RDP library, enabling compatibility with older versions of Windows.
  • PR #12203 - This disables Metasploit Pro autoexploitation for a couple modules due to false positives.
  • PR #12183 - This adds CredSSP-based fingerprinting to the RDP scanner and mixin which uses NLA to get Windows version information during NTLM negotiation.

Bugs fixed

  • PR #12221 - This fixes Metasploit RPC functionality enabling creation of multiple console instances simultaneously.
  • PR #12168 - This fixes redirection to an HTTPS url from an HTTP url with the HTTP client library.
  • PR #12181 - This fixes some bugs and adds some tests around our Juniper configuration file parser.

Get it

As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).

Disclaimer

Rapid7 Inc. published this content on 23 August 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 23 August 2019 17:30:02 UTC
share with twitter share with LinkedIn share with facebook
share via e-mail
0
Latest news "Companies"
02:30pKBRA Releases Report Assigning an AA+ with a Stable Outlook to the Metropolitan Transit Authority of Harris County, TX Series 2019 A & B
BU
02:26pSALESFORCE COM : How Salesforce Accelerates New Customer Onboarding Using Journey Builder
PU
02:26pTRANSAT A T : 2019-08-23 — Special meeting of shareholders closing speech by Jean-Marc Eustache
PU
02:26pTRANSAT A T : 2019-08-23 — Special meeting of shareholders opening speech by Jean-Marc Eustache
PU
02:25pCourt affirms alternative Keystone XL oil pipeline route through Nebraska
RE
02:25pMACY'S : Macy's, Inc. Board Declares Quarterly Dividend
BU
02:20pDEADLINE REMINDER : The Law Offices of Howard G. Smith Reminds Investors of Looming Deadline in the Class Action Lawsuit Against NetApp, Inc. (NTAP)
BU
02:17p2Q GDP Revision Expected to Show Little Change -- Data Week Ahead
DJ
02:17pSinclair Eyes More Regional Sports Networks as Disney Deal Closes
DJ
02:16pFEDERAL HOME LOAN MORTGAGE : Self-Employed Mortgage Application Tips
PU
Latest news "Companies"
Advertisement

MOST READ NEWS

1China strikes back at U.S. with new tariffs on $75 billion in goods
2China strikes back at U.S. with new tariffs on $75 billion in goods
3ENTERTAINMENT ONE LTD : Shares in Peppa Pig owner rise past Hasbro offer
4SALESFORCE.COM : Salesforce Offers Upbeat Signal On Prospects for Tech Spending -- WSJ
5DEUTSCHE POST AG : DEUTSCHE POST : DHL stops deliveries for Amazon Fresh in Germany

HOT NEWS
Categories
Free services
Mobile App
Premium service
About
Stock Market Quotes Interactive brokers Offre Binck Best of des tweets Stock Market News Börse: Aktien, Kurse und Nachrichten
Copyright © 2019 Superformance. All rights reserved. Market data are provided by Factset, Morningstar and vwd Group