Skip to content

Releases: itm4n/PrivescCheck

2026.07.02-1

Choose a tag to compare

@github-actions github-actions released this 02 Jul 10:02

Changelog

2026-07-02

Added

  • Add a function for calculating the Authenticode hash of a PE file.
  • Add Authenticode hash handling in vulnerable driver check.

Modified

  • Set handle leak check as "risky".

Fixed

  • Fix incorrect error handling in build script.

2026-06-27

Added

  • Add a check for extended service registry setting permissions.

Modified

  • Add start and stop access rights to third-party service enumeration.

2026-05-16

Fixed

  • Add TPM vendor ID "VMW" (VMWare) to Get-TpmDeviceType (issue #86).

2026-05-01

Added

  • Add check for CVE-2026-26128 (SMB signing required for loopback connections) in SMB server configuration.

2026.04.29-1

Choose a tag to compare

@github-actions github-actions released this 29 Apr 16:08

Changelog

2026-04-29

Modified

  • Split core reflection code in separate files.
  • Update build script and profiles.
  • Split misc checks into multiple files.
  • Reorganize code of main file.

Fixed

  • Handle DOS paths starting with "?" in COM image file permission check to avoid "illegal characters in path" exceptions (issue #82).

2026-04-25

Modified

  • Added check for "RunAsPPLBoot" registry value, in addition to "RunAsPPL".

2026.04.16-1

Choose a tag to compare

@github-actions github-actions released this 16 Apr 18:26

Changelog

2026-04-16

Fixed

  • Added TPM vendor IDs to fix improper TPM type resolution (issue #86).
  • Properly set "Vulnerable" flag in BitLocker check (issue #87).

2026-04-10

2026.04.10-1

Choose a tag to compare

@github-actions github-actions released this 10 Apr 12:12

Changelog

2024-04-10

Modified

  • Implemented a better alternative for "Invoke-Expression" when testing modules in the build script + better error handling.

2026-04-05

Added

  • Add AES encryption on top of GZIP compression to scramble the output script.

2026.03.28-1

Choose a tag to compare

@github-actions github-actions released this 28 Mar 17:21

Changelog

2026-03-28

Added

  • Add a wrapper for the FVE API to get the status of a BitLocker drive.

Modified

  • Refactor the BitLocker check to get its actual status on the system drive and thus resolve false positives (issue #84).

Fixed

  • Attempt to handle exceptions thrown by Get-MpPreference (issue #83).

2026.01.30-1

Choose a tag to compare

@github-actions github-actions released this 30 Jan 14:43

Changelog

2026-01-30

Added

  • Add progress status to process and thread permission check.

Fixed

  • Replace Get-EventLog with Get-WinEvent to avoid unhandled errors generated by the former.

2026-01-29

Added

  • Add a helper function for enumerating Microsoft Office Trust Center security settings.
  • Add a check for Microsoft Office macro execution settings.
  • Add a check for Microsoft Office Protected View settings.
  • Add a check for Microsoft Office Trusted Locations.

2026-01-28

Added

  • Check for MDE onboarding status and configuration.
  • AppLocker policy enumeration from the filesystem (rules deployed through Intune).

2026.01.26-1

Choose a tag to compare

@github-actions github-actions released this 26 Jan 13:09

Changelog

2026-01-21

Added

  • Add a check for SCOM agent "Run As" accounts (using the event logs).

2026.01.14-2

Choose a tag to compare

@github-actions github-actions released this 14 Jan 13:45

Changelog

2026-01-14

Fixed

  • Missing Write-Progress statements causing progress overlay to not be cleaned up after certain checks.

2026.01.14-1

Choose a tag to compare

@github-actions github-actions released this 14 Jan 13:08
Update data files (job)

2025.12.25-1

Choose a tag to compare

@github-actions github-actions released this 25 Dec 17:53

Changelog

2025-12-25

Added

  • Attempt to determine private key file path when enumerating machine and user personal certificates (issue #77).
  • Check for whitelisted MSI packages with potentially interesting custom actions (issue #76).

Modified

  • Add progress status to known vulnerable driver enumeration.
  • Add progress status to service permission check.
  • Add progress status to service image permission check.