PT-2023-9955 · Microsoft (and 6 more vendors) · Task Scheduler (and 9 more products)

Published 2023-06-12 · Updated 2023-06-12 · CVE-2012-35211

Severity: none. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Windows Defender (affected versions not specified)
PsExec (affected versions not specified)
GoAnywhere (affected versions not specified)
Serv-U (affected versions not specified)
Windows Registry (affected versions not specified)
Task Scheduler (affected versions not specified)
NSIS Installer (affected versions not specified)
Chrome (affected versions not specified)
Windows Service (affected versions not specified)
WhatsApp (affected versions not specified)
Description

The issue concerns financially motivated actors, including FIN11, Whisper Spider, and TA505, who use threats such as Cobalt Strike, TrueBot, and the FlawedGrace RAT. The threats target the financial industry, specifically in Chile. The estimated number of potentially affected devices worldwide is not available. There have been real-world incidents where this issue was exploited, but specific details are not provided.
Technical details about exploitation include the use of API endpoints and vulnerable parameters or variables, but specific information is not provided. The issue involves various functions, including NSIS and Killer, and uses algorithms such as bzip, RC4, 7zip, SHA-1, and SHA-256. The Windows API functions and privileges named include VirtualAllocEx, CreateThread, SetThreadContext, CreateRemoteThread, RtlCreateUserThread, CloseHandle, SeShutdownPrivilege, and ExitWindowsEx.
Recommendations

For Windows Defender, consider disabling the vulnerable components until a patch is available. For PsExec, restrict access to the vulnerable module to minimize the risk of exploitation. For GoAnywhere, avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. For Serv-U, consider temporarily disabling the vulnerable function until a patch is available. For Windows Registry, Task Scheduler, NSIS Installer, Chrome, Windows Service, and WhatsApp, there is currently no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2012-35211

Affected Products

Google Chrome
GoAnywhere
NSIS Installer
PsExec
Serv-U
Task Scheduler
WhatsApp
Windows Defender
Windows Registry
Windows Service