From f4a055c16207972430e4af811c811ecb4481bbe8 Mon Sep 17 00:00:00 2001
From: tbaker57 <tim.h.baker@gmail.com>
Date: Mon, 25 Nov 2024 04:53:21 +1000
Subject: [PATCH] Update drvstore.yml (#93)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
---
 yml/microsoft/built-in/drvstore.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/yml/microsoft/built-in/drvstore.yml b/yml/microsoft/built-in/drvstore.yml
index b361f570..658f6b3f 100644
--- a/yml/microsoft/built-in/drvstore.yml
+++ b/yml/microsoft/built-in/drvstore.yml
@@ -23,9 +23,16 @@ VulnerableExecutables:
 - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
 Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
 Type: Catalog
+- Path: 'hvciscan_amd64.exe'
+ Type: Sideloading
+ ExpectedSignatureInformation:
+ - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+ Type: Catalog
 Resources:
 - https://securityintelligence.com/posts/windows-features-dll-sideloading/
 - https://github.com/xforcered/WFH
+- https://www.microsoft.com/en-us/download/details.aspx?id=105437
 Acknowledgements:
 - Name: Chris Spehn
 Twitter: '@ConsciousHacker'
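Review bot: The `ExpectedSignatureInformation` of the new `hvciscan_amd64.exe` entry is identical to the entry just above it, including `Type: Catalog`, and looks copied rather than read from the binary. The added resource link points to a separately downloaded Microsoft tool, which may carry an embedded (Authenticode) signature with a different Subject/Issuer than an in-box, catalog-signed Windows file, so these three fields should be confirmed against the actual executable. Anything that uses them to tell a legitimate loader from an impostor inherits an error here. The `Path` is a bare filename, presumably because the tool has no fixed install location; a comment such as `# standalone download, no fixed install directory` would make that explicit. The enclosing `VulnerableExecutables` list starts outside the hunk, so its other entries cannot be compared here.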