Signal Brief · Archived
Week of September 23, 2024
The Week's Public Record
Events
2024-09-27
vuln disclosure
ESET Windows Product File Deletion Vulnerability via Improper Privilege ManagementCVE-2024-7400
CVE-2024-7400 is a high-severity vulnerability in ESET's Windows security products that allows a local low-privileged attacker to delete arbitrary files without proper permissions during the removal of a detected file. This could lead to data loss or system instability. No public exploit or in-the-wild exploitation has been observed.
2024-09-25
research poc
Python Script Automates Windows Defender Tamper Protection Bypass via Safe ModeTamperBypass
A publicly available Python script automates booting into Windows Safe Mode to disable Windows Defender services and scheduled tasks, effectively bypassing tamper protection. The technique requires administrator privileges and leverages Safe Mode's reduced security posture to stop Defender components. This demonstrates a practical method for attackers to disable endpoint protection on Windows 10/11 systems.
2024-09-25
vuln disclosure
Grafana Agent Flow Mode on Windows Privilege Escalation via Unquoted Search PathCVE-2024-8996
CVE-2024-8996 is a high-severity vulnerability in Grafana Agent (Flow mode) on Windows that allows a local user to escalate privileges to SYSTEM. The issue stems from an unquoted search path or element vulnerability. It affects Grafana Agent Flow versions before 0.43.2.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.