Honeypots TEHTRIS: Vulnerabilities focus of the week (Week 37)

This week, TEHTRIS observed the following activity on its computer decoys deployed all around the world. Summary: focus on 3 kinds of vulnerability scanning this week. EternalBlue: TEHTRIS detected a large number of EternalBlue exploits using TCP/445. The EternalBlue computer exploit (CVE-2017-0144), developed by the NSA, became infamous in 2017 when it was leaked […]

Zerologon Vulnerability

A vulnerability named Zerologon, numbered CVE-2020-1472, was made public on August 11, 2020 by Microsoft [1]. It impacts MS-NRPC [2], a protocol required for the proper operation of a Microsoft domain and used by domain controllers (RODC [3] included). On September 11, 2020, exploit code and a white paper associated with […]

SIGRed vulnerability

A vulnerability named SIGRed and numbered CVE-2020-1350 was discovered in May 2020 by the Checkpoint Security Research Team. Risks: remote code execution, server compromise, data exfiltration. Affected systems: the following server versions are affected (when the DNS service is activated): Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for […]

European network sensors

When reviewing logs from a company, TEHTRIS CERT found multiple instances where an IP address had been trying to contact sensitive servers. Since these servers were unknown to open source databases, an investigation was conducted to understand how a potential attacker could identify the IP addresses of the company’s sensitive servers. Approach: in order to […]

UPnP CallStranger vulnerability

A new critical vulnerability has been detected. It affects the UPnP (Universal Plug and Play) protocol and, through it, the majority of Internet of Things (IoT) devices. Risks: remote code execution, data exfiltration, involuntary participation in a DDoS attack. Affected systems: list of systems being updated whose vulnerability is confirmed: Windows 10 […]

Windows Type 1 Font Parsing RCE Vulnerability – Microsoft ADV200006

On the 23rd of March 2020, Microsoft released an important security advisory concerning two critical flaws allowing remote code execution (RCE). These flaws exist in the way Windows Adobe Type Manager improperly handles specially crafted fonts. They can be exploited by opening a malicious file containing one of these […]


A spoofing vulnerability has been discovered in the way the Windows cryptographic library (crypt32.dll) validates certificates based on elliptic curve cryptography (ECC). Successful exploitation of this flaw could allow “man-in-the-middle” (MitM) attacks or the decryption of confidential data. Only Windows 10, Windows Server 2016 and Windows Server 2019 are affected by this vulnerability. Execution of a Trojan horse signed […]