Results for windows

Threat Research

Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

On the April 9, 2019 Patch Tuesday, Microsoft released patches for several vulnerabilities in Windows and Office. Three of them were discovered and reported by FortiGuard Labs researcher Honggang Ren by following Fortinet’s responsible disclosure process.

By Honggang Ren April 10, 2019

Threat Research

Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability

Fortinet's FortiGuard Labs discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft. On patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix for this vulnerability and identifies it as CVE-2019-0538.

By Honggang Ren January 11, 2019

Threat Research

Cookie Maker: Inside the Google Docs Malicious Network

FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.

By Artem Semenchenko November 21, 2018

Threat Research

FakeSpy Comes Back. New Wave Hits Japan

FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan’s most famous express post delivery services. Our analysis showed that the website making this connection is fake, and moreover, it is spreading an Android malware.

By Dario Durando, Evgeny Ananin October 02, 2018

Threat Research

Deep Analysis of a Driver-Based MITM Malware: iTranslator

The FortiGuard Labs research team recently captured a malware sample, an EXE file, which was signed by an invalid certificate. Once a victim opens the exe file, it installs two drivers to control the victim’s Windows system as well as monitors the Internet activities of the victim’s Web browser.

By Xiaopeng Zhang September 21, 2018

Threat Research

Microsoft Windows Remote Kernel Crash Vulnerability

At the end of January 2018, the FortiGuard Labs team discovered a remote kernel crash vulnerability in Microsoft Windows and reported it to Microsoft by following Fortinet’s responsible disclosure process. On June 12, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1040.

By Honggang Ren June 14, 2018

Threat Research

Non-Russian Matryoshka: Russian Service Centers Under Attack

With the help of FortiGuard’s in-house Threat Intelligence Platform (Kadena), FortiGuard Labs discovered a series of attacks targeted at service centers in Russia. These service centers provide maintenance and support for a variety of electronic goods.

Threat Research

WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server

Summary: In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft...

By Honggang Ren June 14, 2017

Threat Research

Deep Analysis of Esteemaudit

A Windows 2003 RDP Zero Day Exploit. In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as "Shadow Brokers." They claim that they collected this set of cybertools from the compromised data of "Equation Group," a threat actor alleged to be tied to the United States National Security Agency (NSA). Esteemaudit is a Remote Desktop Protocol (RDP) exploit that targets Microsoft Windows Server 2003 / Windows XP. The vulnerability...

By Dehui Yin May 11, 2017

Threat Research

Deep Analysis of New Emotet Variant – Part 2

This is the second part of FortiGuard Labs’ deep analysis of the new Emotet variant. In the first part of the analysis we demonstrated that by bypassing the server-side Anti-Debug or Anti-Analysis technique we could download three or four modules (.dll files) from the C&C server. In that first blog we only analyzed one module (I named it ‘module2’). In this blog, we’ll review how the other modules work. Here we go.

By Xiaopeng Zhang May 09, 2017