Search
Keyword: ms04-011_microsoft_windows
following autorun registries: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run encReadmyAutoload = "{Malware path}\How to decrypt files.html" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
"\Microsoft\Windows\Windows Activation Technologies\Defender" /xml Defender.xml /f schtasks /Run /tn "\Microsoft\Windows\Windows Activation Technologies\Defender" schtasks /Delete /tn "\Microsoft\Windows
specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (MS17-008) Security Update for Windows Hyper-V (4013082)
(MS10-006) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) Risk Rating: Critical This security update resolves two privately reported vulnerabilities in Microsoft Windows
while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted. (MS16-012) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run Microsoft Time Manager =
Server 2008, and Windows Server 2012.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe
Server 2008, and Windows Server 2012.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
as wallpaper (Note: %Desktop% is the desktop folder, where it usually is C:\Documents and Settings\{user name}\Desktop in Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\
Microsoft addresses the following vulnerabilities in its February batch of patches: (MS12-008) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) Risk Rating:
\Policies\ Microsoft\Windows NT\Windows File Protection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\MRT It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" Other System Modifications This Trojan modifies
MS04-011,CVE-2003-0533 cve: Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT
\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" Other System Modifications This Trojan adds the following registry entries as part of its installation routine:
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Windows Data Serivce = "system32.exe" This report is generated via an automated analysis system. Worm:Win32/Neeris.gen!C (Microsoft
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" Other System Modifications This Trojan modifies
Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User
Settings\{user name}\Desktop in Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\Desktop in Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32-
Settings\{user name}\Desktop in Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\Desktop in Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32-