Mike Gibson

447 posts

@mdgsecurity

InfoSec enthusiast, husband, father and Patriots fan!! SVP Customer Success, Services and Support @ Rapid7.

Texas, USA. Joined March 2009
395 Following, 249 Followers
Mike Gibson @mdgsecurity
@cyb3rops I have struggled with choosing what is the right path here. I am just not sure that level of detail applies enough pressure to get it resolved. The pressure needs to come from their customers and they will apply more pressure if the risk of exploitation is higher.
Florian Roth ⚡️ @cyb3rops
If I were in their place and disappointed by Microsoft’s “Moderate” rating, I would’ve done it differently: Just state the facts.
- Privilege escalation in AD
- Full domain compromise, default config
- No patch, no fix
- No DC access, no code exec, no RPC
Then ask: “Microsoft rated this Moderate. Does that sound right to you?”
No need to release full details or a working attack. If the goal was to apply pressure, that would’ve done the job.
Florian Roth ⚡️ @cyb3rops
#BadSuccessor - a textbook example of why the security ecosystem is broken
- A privilege escalation vuln in Windows Server 2025 AD (via dMSA)
- Full domain compromise with default config
- Microsoft was told, agreed it’s real, but rated it "moderate"
- No patch, No fix
- No code execution needed
- No need to touch the DC
- No RPC, no ntds.dit
- Just a write to one attribute on an account you can create
- Rubeus already supports dMSA abuse (since February)
- Metasploit module is in the works
Researchers published everything anyway. Because… "we respectfully disagree with Microsoft’s assessment". So yeah, let’s just drop an end-to-end domain takeover technique online to prove a point.
To be fair, Windows Server 2025 isn’t widely deployed yet, so the real-world blast radius today is limited. But this isn’t about today - it’s about trust, process, and what happens when security decisions are driven by vendor priorities and researcher egos.
What this tells me:
1. Microsoft either:
- Can’t assess bugs anymore
- Or stopped caring about on-prem AD completely (because Entra ID is what they want to sell)
2. And the offensive sec crowd?
- They knew this would hit hard
- But chose to burn the world anyway
- Because their urge to be right > everyone else’s security
In the end, both sides look bad. Microsoft, for being dysfunctional or apathetic. Researchers, for chasing clout over coordinated disclosure. Congrats. In a rare show of unity, both sides managed to screw this up.
Blog: akamai.com/blog/security-…
LinkedIn: linkedin.com/feed/update/ur…
Metasploit issue: github.com/rapid7/metaspl…
TrendAI Zero Day Initiative
The first attempt at #Pwn2Own Automotive is a success! Sina Kheirkhah (@SinSinology) was able to execute an attack against the ChargePoint Home Flex. Now off to the disclosure room for confirmation.
Mike Gibson @mdgsecurity
The new @TrendMicro Vision One platform release marks a leap forward in enterprise #cybersecurity, encompassing robust attack surface risk management and next generation XDR - now amplified by powerful generative #AI technology. Find out more here: bit.ly/3N8Ql7V
Mike Gibson @mdgsecurity
@onepeloton Too late! If you had released this 24 months ago I would still be a customer and have my bike and this. You are getting out-innovated!!
Peloton @onepeloton
Rowing, meet Peloton. 🤝 It’s officially here. Our long-anticipated Peloton Row is now available for pre-order—but it's not the rowing you thought you knew. Pre-order now at onepeloton.com/row
Mike Gibson retweeted
TrendAI Zero Day Initiative
The latest blog from the Trend Micro Research Team looks at CVE-2022-26937: a Microsoft Windows NFS NLM Portmap stack buffer overflow that could lead to RCE. They provide root cause, source code walkthrough, and detection guidance. zerodayinitiative.com/blog/2022/6/7/…
Mike Gibson retweeted
TrendAI @trendaisecurity
We have joined the Cortex XSOAR Marketplace! Trend Micro Vision One and Cortex will work seamlessly to simplify incident investigations and drive automated response. Learn more about Vision One here: bit.ly/3oPWJFY
Mike Gibson @mdgsecurity
@itsrichiemane And super excited they announced a Season 2 already!! Great books, great show.
Maybe: The Percolator @itsrichiemane
Reacher was pretty dope. Definitely going to rewatch
Mike Gibson @mdgsecurity
Zero Day Initiative — Looking Back at the Zero Day Initiative in 2021 thezdi.com Very proud of the team's accomplishments in 2021. Almost $4M awarded to the research community in total. Congratulations @trendmicro @thezdi!!
Mike Gibson @mdgsecurity
Some may say I have a fascination with tech gadgets. I typically argue, but after applying a firmware update to a softball just now, I think they may be right.
Mike Gibson @mdgsecurity
@NBohusch @GossiTheDog Good feedback. Certainly wasn't intentional. We were getting mostly mitigation questions when we initially authored the article. We added a link at the top to jump to our own product information to make it easier to find. Thanks!!
Norbert Bohusch @NBohusch
@GossiTheDog Trend Micro doesn't hide it, but also puts the information about their own products only at the end of their article. I think most customers/partners are looking for the information if the product itself is vulnerable and not about how it can help mitigate...
Mike Gibson @mdgsecurity
@cyb3rops once again accurately describes the current situation! Suggest everyone reads this.
Florian Roth ⚡️ @cyb3rops

1/ #Log4Shell Status determination # Block Rules / Log-Based Detection There's no effective or rather gapless way to detect attacks that use log4shell due to the many ways to obfuscate the strings. Don't put too much trust in any filter/detection pattern. All can be bypassed. ..
