Releases: itm4n/PrivescCheck
Releases · itm4n/PrivescCheck
Release list
2026.07.02-1
Changelog
2026-07-02
Added
- Add a function for calculating the Authenticode hash of a PE file.
- Add Authenticode hash handling in vulnerable driver check.
Modified
- Set handle leak check as "risky".
Fixed
- Fix incorrect error handling in build script.
2026-06-27
Added
- Add a check for extended service registry setting permissions.
Modified
- Add start and stop access rights to third-party service enumeration.
2026-05-16
Fixed
- Add TPM vendor ID "VMW" (VMWare) to Get-TpmDeviceType (issue #86).
2026-05-01
Added
- Add check for CVE-2026-26128 (SMB signing required for loopback connections) in SMB server configuration.
2026.04.29-1
Changelog
2026-04-29
Modified
- Split core reflection code in separate files.
- Update build script and profiles.
- Split misc checks into multiple files.
- Reorganize code of main file.
Fixed
- Handle DOS paths starting with "?" in COM image file permission check to avoid "illegal characters in path" exceptions (issue #82).
2026-04-25
Modified
- Added check for "RunAsPPLBoot" registry value, in addition to "RunAsPPL".
2026.04.16-1
2026.04.10-1
Changelog
2024-04-10
Modified
- Implemented a better alternative for "Invoke-Expression" when testing modules in the build script + better error handling.
2026-04-05
Added
- Add AES encryption on top of GZIP compression to scramble the output script.
2026.03.28-1
Changelog
2026-03-28
Added
- Add a wrapper for the FVE API to get the status of a BitLocker drive.
Modified
- Refactor the BitLocker check to get its actual status on the system drive and thus resolve false positives (issue #84).
Fixed
- Attempt to handle exceptions thrown by Get-MpPreference (issue #83).
2026.01.30-1
Changelog
2026-01-30
Added
- Add progress status to process and thread permission check.
Fixed
- Replace Get-EventLog with Get-WinEvent to avoid unhandled errors generated by the former.
2026-01-29
Added
- Add a helper function for enumerating Microsoft Office Trust Center security settings.
- Add a check for Microsoft Office macro execution settings.
- Add a check for Microsoft Office Protected View settings.
- Add a check for Microsoft Office Trusted Locations.
2026-01-28
Added
- Check for MDE onboarding status and configuration.
- AppLocker policy enumeration from the filesystem (rules deployed through Intune).
2026.01.26-1
Changelog
2026-01-21
Added
- Add a check for SCOM agent "Run As" accounts (using the event logs).
2026.01.14-2
Changelog
2026-01-14
Fixed
- Missing Write-Progress statements causing progress overlay to not be cleaned up after certain checks.
2026.01.14-1
2025.12.25-1
Changelog
2025-12-25
Added
- Attempt to determine private key file path when enumerating machine and user personal certificates (issue #77).
- Check for whitelisted MSI packages with potentially interesting custom actions (issue #76).
Modified
- Add progress status to known vulnerable driver enumeration.
- Add progress status to service permission check.
- Add progress status to service image permission check.