Rewterz

Rewterz Threat Advisory – Windows 10 themes can be abused to steal Windows passwords

September 8, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-1596 – TLS Information Disclosure Vulnerability

September 9, 2020

Rewterz Threat Advisory – CVE-2020-16884 – Microsoft Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability

Severity

Medium

Analysis Summary

A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

Impact

Remote Code Execution

Affected Vendors

Microsoft

Affected Products

  • Internet Explorer
  • Microsoft Edge (Chromium)

Remediation

Refer to Microsoft advisory for the complete list of affected products and their respective patches.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16884

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.