Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About dsanchez

  • Rank

Contact Methods

  • Website URL

Profile Information

  • Location
  • Interests
    if(EIP == 0x41414141) 0day++

Recent Profile Visitors

2,238 profile views
  1. Hi @CKMorgus and @hatesallbugs Process Hollowing is already fixed in 1.12.X.124. Could you update to that version? Best regards David Sánchez
  2. Hi all, @Skunk1966 helped us to fix the issue, so as soon as possible the new version will be released for all of you. We really appreciate the kind help offered by @Skunk1966 to solve this issue. Best regards
  3. Hi @RuitBier @Skunk1966 @zubairahmed It seems that Microsoft might have updated something in their Office apps (or Windows) that makes this issue. We are working to fix it as soon as possible. Actually, we do have a new release that gets some extra info from the false positive but nothing related to the user nor to his/her machine. We created this version because we are not able to reproduce the same issue in our lab so far. If you are willing to try this version on your machine and send me back the logs, please drop me an email to dsanchez@malwarebytes.com Thank you David S
  4. Hi @Skunk1966 Thanks for the information and sorry for any inconvenience you have had, we are working hard to fix the issue as soon as possible. Regards David Sánchez
  5. Hi @AdamM and @DanielC Thank you for letting us know. I checked the issue and fixed it and I am glad to tell you that next release will fix the issue. Best regards David
  6. Hi @zubairahmed Thank you for letting use know. We are currently working on it. However, could you tell me which Office version you are working with? so, we will be able to check your case closely. Best regards Thank you.
  7. Hi @motjr During this month we will release a new version that already fixes that issue. Sorry for any inconveniences. Best regards
  8. Hi Forrest. Thank you for letting use know. I'm personally looking at the issue but please could you tell me the version of Windows too? Best Regards
  9. Hi @AdamM Thank you for letting us know. I will fix it as soon as posible. Instead of disabling the whole protections you might only want to turn the "Memory Patch Hijacking Protection" off in the meantime. Please, let me know if it works for you while we are fixing it. Best regards David Sánchez
  10. Hi @MisterWeather There are some articles on Internet that are a bit misleading because this vuln only affects when the System-wide Mandatory-ASLR configuration is enabled. You might not be affected by it because it is not enabled by default. Although MBAE bottom-up ASLR might help it will depend on whether the operative system takes advantage of MBAE's protection. Of course, that Bottom-up ASLR is another security layer that you might turn it on to protect your shielded application but keep in mind that not all the applications are not compatible with it. Best regards
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.