HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester


  • CVE-2026-2695

    TeamViewer DEX Platform On-Premises before 9.2 contains a command injection vulnerability caused by missing server-side input validation in instruction input. Authenticated users with at least questioner privileges can inject commands in specific instructions.


  • Windows 8.1 and Windows Server 2012 R2 ESU Analysis

    The original Windows 7 ESU Analysis can be found here. With the ending of support for Windows 8.1 and Server 2012 R2 in 2023, additional research was conducted to see if similar techniques would work for these operating systems as well. It was determined that both Windows 8.1 and Windows Server 2012 R2 can be fully patched past the supported period.


  • CVE-2026-0689

    In ExtremeCloud IQ - Site Engine before 26.2.10, the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses.


  • Windows 7 ESU Analysis Updates

    The original Windows 7 ESU Analysis can be found here. With the September 2020 Cumulative Update, the technique as described no longer works to install this update. However, only slight modifications need to be made in order for this new update to also install.


  • Windows 7 ESU Patching

    With the May 2020 Windows 7 updates, I went on a mission to determine the minimum set of updates needed to enable all features within Windows 7, including optional hotfixes, and to have the most up-to-date installation possible. After extensive testing, I concluded that 42 updates not offered through Windows Update would need to be installed to reach this objective. The following sections describe the updates required and provide links to each.


