Sysmon v13.01 and PsExec v2.30

Published Jan 12 2021 03:01 PM
Microsoft

Sysmon v13.01

This bugfix update to Sysmon resolves a series of config parsing issues.
 

PsExec v2.30

Previous versions of PsExec are susceptible to a named pipe squatting attack. If a low-privileged attacker creates a named pipe on a server to which a PsExec client connects, they could intercept explicit authentication credentials or sensitive command-line arguments sent by the client. The PsExec client now drops a key into a file in the Windows directory on the remote system. The file is protected with an administrator-only security descriptor and has a name formatted as PSEXEC-.key, and the PsExec service uses the key to authenticate to the client.
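
One way to check the result of this fix on a host, as an added example that is not Microsoft's or Sysinternals' code: the PowerShell below lists key files in the Windows directory and flags any whose DACL allows a principal other than SYSTEM or the built-in Administrators group. The `PSEXEC-*.key` wildcard and the two-SID allowlist are assumptions about what "administrator-only" means here; run it elevated so the ACLs can be read.

```powershell
# Added example: audit PsExec key files for access granted to non-administrators.
# Assumption: key files match PSEXEC-*.key directly under %windir%.
# Assumption: "administrator-only" means only these two well-known SIDs are allowed.
$allowedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Get-KeyFileAclReport {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Resolve every ACE (explicit and inherited) to a SID so names cannot be spoofed
    # by localisation or look-alike account names.
    $rules = @($acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]))

    # Allow ACEs that grant access to anyone outside the allowlist.
    $extra = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $allowedSids -notcontains $_.IdentityReference.Value
    })

    [pscustomobject]@{
        Path      = $Path
        Owner     = $acl.Owner
        # A descriptor with no ACEs at all is flagged for manual review:
        # a NULL DACL grants access to everyone.
        AdminOnly = ($rules.Count -gt 0 -and $extra.Count -eq 0)
        ExtraSids = ($extra.IdentityReference.Value -join ', ')
        Sddl      = $acl.Sddl
    }
}

Get-ChildItem -Path $env:windir -Filter 'PSEXEC-*.key' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-KeyFileAclReport -Path $_.FullName } |
    Sort-Object AdminOnly |
    Format-List
```

Any file reported with `AdminOnly : False` lists the unexpected SIDs in `ExtraSids`, and the raw `Sddl` value is included for comparison against a known-good host.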