CYBERɹ-ɹEDUCATIONɹ-ɹPENTESTɹ-ɹJSOCɹ-ɹ 119ɹ-ɹCONSULTING We provide IT total solutions based on advanced security technologies. supports your B usiness LAC ೥݄೔ גࣜձࣾϥοΫ αΠόʔηΩϡϦςΟࣄۀ෦ ·ͬͪΌ͍ͩ;͘ ˜-"$$P -UE ຐ๏ͷ֦ுࢠ

˜-"$$P -UE Win10ͷʮઃఆʯ༻ͷ γϣʔτΧοτͰ೚ҙͷίʔυΛ࣮ߦՄೳ

˜-"$$P -UE ֦ுࢠɿ.SettingContent-ms

˜-"$$P -UE ݩʑͷ༻్͸ɺʮઃఆʯ߲໨ͷىಈ༻ WindowsεϚʔτνϡʔχϯά(337) Win 10TPฤ: γϣʔτΧοτϑΝΠϧͰʮઃఆʯͷWindows UpdateΛݺͼग़͢ | ϚΠφϏχϡʔε → https://news.mynavi.jp/article/windows-337/

˜-"$$P -UE ֦ுࢠ͕ফ͑ͨʂ

˜-"$$P -UE Githubʹcalc.exeΛىಈ͢ΔPoC͕ʂʂʂ test.SettingContent-ms · GitHub → https://gist.github.com/enigma0x3/b948b81717fd6b72e0a4baca033e07f8

˜-"$$P -UE ࣮ࡍ΍ͬͯΈΔ

˜-"$$P -UE Ұॠcmd.exe͕ಈ͍ͯɺcalc.exe͕ىಈ

˜-"$$P -UE μ΢ϯϩʔυϑΝΠϧ͸Πϯλʔωοτκʔϯ

˜-"$$P -UE ܯࠂͳ͘ɺcalc.exeىಈ

˜-"$$P -UE ɹɹ2/16/2018: Report sent MSRC ɹɹ2/16/2018: MSRC acknowledged the report, case number assigned ɹɹ3/2/2018: MSRC confirmed that they could reproduce the issue ɹɹ4/24/2018: Requested status update ɹɹ4/25/2018: MSRC informed me of a case handler change. An update ɹɹɹɹɹɹɹɹɹɹɹwas requested from the engineering team and would be relayed to me ɹɹɹɹɹɹɹɹɹɹɹASAP ɹɹ6/1/2018: Requested another update from MSRC ɹɹ6/4/2018: MSRC responded with a note that the severity of the issue is ɹɹɹɹɹɹɹɹɹɹbelow the bar for servicing and that the case will be closed. ɹɹ6/11/2018: Report published MS͸मਖ਼͢Δͭ΋Γ͸ແ͘࢓༷ͰΫϩʔζΒ͍͠ June | 2018 | enigma0x3 → https://enigma0x3.net/2018/06/

˜-"$$P -UE OLEʹຒΊࠐ·ΕͨΒ΍͹͍ʂ ɹɹɹɹˠ͓ͦΒ͘ϒϥοΫϦετʹೖΕͯ͘Δ Windows Settings Shortcuts Can Be Abused for Code Execution on Windows 10
 → https://www.bleepingcomputer.com/news/security/windows-settings-shortcuts-can-be-abused-for-code-execution-on-windows-10/

˜-"$$P -UE SettingContent-MS-File-Execution/LoadPowershellDemo.SettingContent-MS at master · bvoris/SettingContent-MS-File-Execution · GitHub → https://github.com/bvoris/SettingContent-MS-File-Execution/blob/master/LoadPowershellDemo.SettingContent-MS PowerShellΛಈ͔͢PoC΋ग़ͯ·͢ʢThanksੴ઒͞Μʣ ೥݄೔ߋ৽

˜-"$$P -UE <?xml version="1.0" encoding="UTF-8"?> <PCSettings> <SearchableContent xmlns - pastebin.com → https://pastebin.com/HaBb87Av mshta.exeΛ࢖͏PoC΋ग़ͯ·͢ʢ࢖͑Δ͔ෆ໌ʣ ೥݄೔ߋ৽ JUN 23RD, 2018

˜-"$$P -UE ͜ͷ֦ுࢠ͸Symantec Cloud͸ݕ஌ ೥݄೔ߋ৽ ೥݄೔৘ใ

˜-"$$P -UE Ϛϧ΢ΤΞʹѱ༻ʂʂʂʂʢThanksੴ઒͞Μʣ(1/2) ೥݄೔ߋ৽ VirusTotal → https://www.virustotal.com/ja/file/09666731EFAB134CB6C882902D64B5E22D664FCAA4B97211D8C66AAC966709A4/analysis/

˜-"$$P -UE VirusTotal → https://www.virustotal.com/#/file/51b06db04512d3e3c415b015be59a324c940e9538e47ff8ebfe340188bffbb84/detection μ΢ϯϩʔυ͞ΕΔɺLAW231.exe ͸ɺREMCOS RAT Β͍͠Ͱ͢ɻ Ϛϧ΢ΤΞʹѱ༻ʂʂʂʂʢThanksੴ઒͞Μʣ(2/2)

CYBERɹ-ɹEDUCATIONɹ-ɹPENTESTɹ-ɹJSOCɹ-ɹ 119ɹ-ɹCONSULTING We provide IT total solutions based on advanced security technologies. supports your B usiness LAC Thank you. Any Questions ? ˜-"$$P -UE