Apr 13, 2022
4.21.0-2022041301
We updated to the latest framework version and improved error messages for duplicate social engineering targets.
Improved
- Pro: We expanded the error messages that return when duplicate emails are added to social engineering target lists with conflicting user details.
- PR 15972 - This updates the log4shell scanner with the `LEAK_PARAMS` option, which provides a way to leak more target information such as environment variables.
- PR 16320 - This updates Windows Meterpreter payloads to support a new `MeterpreterDebugBuild` datastore option. When set to true, the generated payload has additional logging support which is visible via Windows' DbgView program.
- PR 16373 - This adds initial support for Ruby 3.1.
- PR 16403 - This adds more checks to the `post/windows/gather/checkvm` module to better detect if the current target is a QEMU / KVM virtual machine.
Fixed
- PR 16364 - This adds a fix for a crash in `auxiliary/spoof/dns/native_spoofer`, as well as documentation for the module.
- PR 16386 - This ensures `Exploit::Remote::SocketServer` does not call the associated `Rex::ServiceManager` service's `wait` method if the service has already stopped.
- PR 16398 - A number of recent payload additions did not conform to the patterns used for suggesting spec configurations. Tests for these payloads have now been manually added to ensure they will be appropriately tested as part of the `rspec` checks.
- PR 16408 - This fixes an edge case in the `multi/postgres/postgres_copy_from_program_cmd_exec` module, which would crash when a randomly generated table name started with a number.
- PR 16419 - A bug has been fixed whereby, when using the `search` command and searching by `disclosure_date`, the help menu would instead appear. This has been fixed by improving the date handling logic for the `search` command.
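The PR 16408 crash comes from a general PostgreSQL rule rather than anything module-specific: an unquoted identifier must begin with a letter or underscore, so a randomly generated table name such as `1abc` is tokenised as the number `1` followed by `abc` and the statement fails to parse. The Ruby below is an added example, not Metasploit's own code, showing the check, a generator that always produces a name which parses unquoted, and the identifier quoting that makes a `COPY ... FROM PROGRAM` sequence robust regardless of how the name was generated. The function names and the `output` column are illustrative assumptions.

```ruby
# Added example (not Metasploit code): safe handling of a randomly generated
# PostgreSQL table name for the COPY ... FROM PROGRAM command-execution technique.
#
# PostgreSQL accepts an unquoted identifier only when it starts with a letter
# or underscore; subsequent characters may also be digits or '$'. Names longer
# than 63 bytes are silently truncated, and reserved words (e.g. "user") need
# quoting as well. Double-quoting the identifier lifts all of these limits.
# The regex is deliberately ASCII-only, which is conservative but sufficient
# for generated names.
PG_UNQUOTED_IDENT = /\A[A-Za-z_][A-Za-z0-9_$]*\z/

# True when `name` can be used as a plain, unquoted PostgreSQL identifier
# without being truncated.
def pg_unquoted_identifier?(name)
  !!(name =~ PG_UNQUOTED_IDENT) && name.bytesize <= 63
end

# Double-quote an identifier; embedded double quotes are escaped by doubling.
def pg_quote_ident(name)
  '"' + name.gsub('"', '""') + '"'
end

# Single-quote a string literal; embedded single quotes are escaped by doubling.
def pg_quote_literal(str)
  "'" + str.gsub("'", "''") + "'"
end

# Generate a random table name that is always a valid unquoted identifier:
# the first character is drawn from letters only, the rest are alphanumeric.
# This is the generation-side fix for the "starts with a digit" edge case.
def random_pg_table_name(len = 8, rng: Random.new)
  raise ArgumentError, 'len must be >= 1' if len < 1
  letters = ('a'..'z').to_a
  alnum   = letters + ('0'..'9').to_a
  letters.sample(random: rng) + Array.new(len - 1) { alnum.sample(random: rng) }.join
end

# Build the statement sequence the technique relies on: create a scratch
# table, COPY a program's output into it, read it back, and drop it.
# Quoting the table name is the parsing-side fix: "1abc" parses fine.
def copy_from_program_statements(table, command)
  t = pg_quote_ident(table)
  [
    "CREATE TABLE #{t} (output text)",
    "COPY #{t} FROM PROGRAM #{pg_quote_literal(command)}",
    "SELECT output FROM #{t}",
    "DROP TABLE #{t}",
  ]
end

if __FILE__ == $0
  # '1abc' is the shape of name that crashed the module; both fixes handle it.
  puts "unquoted ok? #{pg_unquoted_identifier?('1abc')}"   # false
  puts copy_from_program_statements('1abc', 'id').join("\n")
  puts "generated: #{random_pg_table_name}"
end
```

Either fix alone would have avoided the crash; using both (letter-first generation plus quoting) is the defensive choice, since quoting also covers the rarer case of a generated name that happens to be a reserved word.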
Modules
- PR 16082 - This updates the `shadow_mitm_dispatcher` module by adding a new RubySMB dispatcher. This allows better integration with RubySMB and enables the use of all the features provided by its client. Both SMBv2 and SMBv3 are now supported.
- PR 16381 - This adds a post module that enumerates applications installed with Chocolatey on Windows systems.
- PR 16382 - This adds an exploit for CVE-2022-26904, an LPE vulnerability affecting Windows 7 through Windows 11. Leveraging this vulnerability can allow a local attacker running as a standard user, who has knowledge of another standard user's credentials, to execute code as NT AUTHORITY\SYSTEM. The `PromptOnSecureDesktop` setting must also be set to `1` on the affected machine for this exploit to work, which is the default setting.
- PR 16395 - This achieves unauthenticated remote code execution by executing SpEL (Spring Expression Language) queries against Spring Cloud Function versions prior to `3.1.7` and `3.2.3`.
- PR 16399 - A new module has been added that exploits CVE-2022-28381, a remotely exploitable SEH buffer overflow vulnerability in AllMediaServer version 1.6 and prior. Successful exploitation results in remote code execution as the user running AllMediaServer.
- PR 16401 - This change adds support for CVE-2022-22616 to the existing Gatekeeper bypass exploit module, which reportedly covers macOS Catalina all the way to macOS Monterey versions below 12.3. Since this now targets two CVEs, we've introduced a new `CVE` option to select which CVE to exploit. The default is the most recent CVE.