From URGENT/11 to Frag/44: Analysis of Critical Vulnerabilities in the Windows TCP/IP Stack

|
From URGENT/11 to Frag/44: Analysis of Critical Vulnerabilities in the Windows TCP/IP StackBy Ben Seri, Yuval Sarel, Gal Levy, and Noam Afuta  Part 2: The Armis research team finds a new primitive to bypass firewalls using CVE-2021-24094, and provides a full analysis of this Windows TCP/IP stack vulnerability patched in ... Read More

From URGENT/11 to “Frag/44”: Microsoft patches critical vulnerabilities in Windows’ TCP/IP stack

|
A recent Patch Tuesday from Microsoft exposed vulnerabilities in the Windows TCP/IP stack that are similar to URGENT/11 and other such vulnerabilities disclosed over the last 18 months. And while such vulnerabilities in Windows may be rare, common belief is that the complexity associated with them would be difficult to ... Read More
NAT Slipstreaming 2.0 - Enterprise Network Bypass

NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet

|
Armis and security researcher Samy Kamkar identify NAT Slipstreaming v2.0, a new Attack Variant That Can Expose All Internal Network Devices to The Internet ... Read More
URGENT/11: Takeover of a Rockwell PLC

Unpatched, Unprepared, Unprotected: How Critical Device Vulnerabilities Remain Unaddressed

|
Armis has continued to track the exposures from the URGENT/11 and CDPwn vulnerabilities over the past 18 months. Based on that research, we have identified that 97% of the OT devices impacted by URGENT/11 remain unpatched, and 80% of those affected by CDPwn remain unpatched. As startling as those figures ... Read More