// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of January 13, 2025
Signal Brief · Archived

Week of January 13, 2025

2025-01-13 — 2025-01-19 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of January 13, 2025, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 vuln disclosures, 1 research poc. Vendors in the record this week: Microsoft, WatchGuard.

The Week's Public Record

Events

2025-01-18
research poc
New BYOVD Technique Uses Symbolic Links to Blind EDR by Overwriting Service ExecutablesBYOVD-Symlink-EDR-Blind
A researcher disclosed a method that combines Bring Your Own Vulnerable Driver (BYOVD) with Windows symbolic links to expand the pool of exploitable drivers. The technique leverages any driver with file-writing capability to overwrite EDR user-mode service executables during boot, effectively blinding the EDR. A proof-of-concept demonstrates disabling Microsoft Defender on Windows 11.
2025-01-14
vuln disclosure
CVE-2025-21213: Windows 10 1507 Secure Boot Bypass VulnerabilityCVE-2025-21213
A vulnerability in Windows 10 version 1507 allows bypassing Secure Boot protections. This flaw could enable attackers to load untrusted code during the boot process, undermining endpoint security guarantees.
2025-01-13
vuln disclosure
WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEMCVE-2024-8424
WatchGuard disclosed CVE-2024-8424, an improper privilege management vulnerability in the PSANHost.exe module of its endpoint protection products. The flaw allows a local attacker to delete arbitrary files with SYSTEM privileges. The issue is resolved in updated versions.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →