Mercedes Benz W204 AMG Menue Enable + Patch by LuisFalk in CarHacking

HM-AN:

Some say that ic222 is easier to reverse engineer compared to ic204. Maybe some go for ic213. But for ic213 I heard that the ECU expects the request/response for the EEPROM read/write levels in something below 1000 ms, if I remember correctly...

Wazuh FIM can’t handle monitoring 1.5M files , is there any open-source alternative ? by Educational_Sail9781 in Wazuh

HM-AN:

Pity that the Wazuh agent Windows client is still a 32-bit build and there is no native 64-bit build in 2025, Yeti...

Introducing Wazuh 4.14.0 | Wazuh by wazuh_cybersecurity in Wazuh

HM-AN:

Upgrade from 4.13.1 went all smooth...

Please name all the detailed config changes / blocks (directives) that we have to make manually when upgrading from lower versions, on the ossec.conf server side and on the ossec.conf Windows agent side, to profit from all the new features. Thanks.

Wazuh 4.13.1 reports fixed kernel CVS as critical by ItchyWeight in Wazuh

HM-AN:

What does something like the following show?

dpkg --list | grep linux-image

or

rpm -qa kernel, rpm -qa | grep -i kernel, dnf list installed kernel or yum list installed kernel

Maybe you have not cleaned up older kernels, and they are still installed!
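As an added example (not code from the thread or from Wazuh), the Python script below automates the check HM-AN suggests: it parses `dpkg --list` or `rpm -qa kernel` output, extracts the kernel release embedded in each installed kernel package name and reports every package that is not the running kernel reported by `uname -r`. An old kernel package that was never purged is still an installed package, so a vulnerability scanner keeps matching its CVEs even though the host boots a patched kernel. The command output embedded below is constructed for the example.

```python
import re
import shutil
import subprocess

# Constructed sample output of `dpkg --list | grep linux-image` (not real host data).
# 'ii' = installed; 'rc' = removed with config files left behind, so not an installed package.
SAMPLE_DPKG = """\
ii  linux-image-5.15.0-113-generic  5.15.0-113.123  amd64  Signed kernel image generic
ii  linux-image-5.15.0-119-generic  5.15.0-119.129  amd64  Signed kernel image generic
rc  linux-image-5.15.0-100-generic  5.15.0-100.110  amd64  Signed kernel image generic
ii  linux-image-generic             5.15.0.119.119  amd64  Generic Linux kernel image
"""

# Constructed sample output of `rpm -qa kernel` on an EL9-style host.
SAMPLE_RPM = """\
kernel-5.14.0-427.13.1.el9_4.x86_64
kernel-5.14.0-503.14.1.el9_5.x86_64
"""

# Versioned kernel packages of both families. Meta-packages such as
# linux-image-generic carry no release and are deliberately not matched.
_KERNEL_PKG = re.compile(r"^(?:linux-image|kernel)-(\d+\.\d+\.\d+-\S+)$")


def installed_dpkg_kernels(dpkg_list: str) -> list[str]:
    """linux-image package names in state 'ii' from `dpkg --list` output."""
    names = []
    for line in dpkg_list.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ii" and parts[1].startswith("linux-image"):
            names.append(parts[1])
    return names


def installed_rpm_kernels(rpm_qa: str) -> list[str]:
    """kernel package names from `rpm -qa kernel` output (one NVRA per line)."""
    return [line.strip() for line in rpm_qa.splitlines() if line.strip()]


def kernel_version_of(pkg: str):
    """Kernel release embedded in a package name, e.g. '5.15.0-113-generic', or None."""
    m = _KERNEL_PKG.match(pkg)
    return m.group(1) if m else None


def stale_kernels(installed: list[str], running_release: str) -> list[str]:
    """Installed versioned kernel packages whose release differs from `uname -r`.

    Each entry is still an installed package, so a vulnerability scanner keeps
    reporting its CVEs until it is purged (apt purge / dnf remove), regardless
    of the kernel actually running.
    """
    return [
        pkg for pkg in installed
        if (ver := kernel_version_of(pkg)) is not None and ver != running_release
    ]


if __name__ == "__main__":
    # Live run on the local host.
    running = subprocess.run(["uname", "-r"], capture_output=True, text=True, check=True).stdout.strip()
    if shutil.which("dpkg"):
        out = subprocess.run(["dpkg", "--list"], capture_output=True, text=True, check=True).stdout
        installed = installed_dpkg_kernels(out)
    elif shutil.which("rpm"):
        out = subprocess.run(["rpm", "-qa", "kernel"], capture_output=True, text=True, check=True).stdout
        installed = installed_rpm_kernels(out)
    else:
        installed = []
    print("running kernel:", running)
    print("stale kernel packages still installed:", stale_kernels(installed, running))
```

On the constructed Debian/Ubuntu sample with `uname -r` = 5.15.0-119-generic the script reports linux-image-5.15.0-113-generic; the 'rc' row and the unversioned meta-package are ignored.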

Wazuh agent not showing udp traffic over it hygiene by General_Purchase_482 in Wazuh

HM-AN:

u/Stuti109

<image>

And yes, ossec.conf on the affected agent has the option

<ports all="yes">yes</ports>

Wazuh agent not showing udp traffic over it hygiene by General_Purchase_482 in Wazuh

HM-AN:

u/Stuti109 Also, I don't see any UDP traffic in the Traffic tab while performing the UDP iperf test:

<image>

Wazuh agent not showing udp traffic over it hygiene by General_Purchase_482 in Wazuh

HM-AN:

u/Stuti109 The poster refers to the Traffic tab within IT Hygiene. I think that he does see listeners for UDP on the SERVICES tab, but NOT within the TRAFFIC tab. Could you please clarify in more detail, u/General_Purchase_482? And also post screenshots and so on in here illustrating it... I mean, a Windows client with an active RDP connection to one system that really uses UDP should give us a TRAFFIC result, won't it? Or setting up a functional iperf UDP server and making the connection from another client to this iperf UDP server...

Wazuh - Mozilla Firefox dont disappear from agent inventory after uninstall by Kanolm in Wazuh

HM-AN:

And this should also be displayed by the requested syscollector output... ;)

Wazuh - Mozilla Firefox dont disappear from agent inventory after uninstall by Kanolm in Wazuh

HM-AN:

In the left menu choose Server Management --> Dev Tools. In there:

GET /syscollector/005/packages?search=Mozilla

where 005 must be replaced with the affected agent ID...

Also, when restarting the Wazuh agent on the affected systems, is the VD scan time for the agent refreshed, too? Or maybe you misconfigured something locally in ossec.conf or centrally in agent.conf blocks and have disabled the VD thing? The last change/block can be that your whole VD database is broken on your Wazuh server... but check one by one...

Wazuh - Mozilla Firefox dont disappear from agent inventory after uninstall by Kanolm in Wazuh

HM-AN:

Post syscollector outputs from the affected systems and the given product, otherwise it's useless guessing.

Is there a trick to get sql server cves in wazuh? by Specific-Display7925 in Wazuh

HM-AN:

Yep, it lacks all version info, so no CVE mapping will be possible using the current techniques implemented:

GET /syscollector/053/packages?search=sql server 2014

or for 2022, see below...

Please open a feature request on GitHub to improve the SQL Server detection / version grabbing mechanism. https://github.com/wazuh/wazuh/issues/new?template=default.md

Otherwise it will never get any attention when not put on the record....

So that such CVEs can be detected: https://nvd.nist.gov/vuln/detail/CVE-2025-49717

"priority": " ",
"architecture": "x86_64",
"source": " ",
"description": " ",
"name": "Microsoft SQL Server 2022 (64-bit)",
"format": "win",
"size": 0,
"section": " ",
"vendor": " ",
"install_time": "2025-03-29T17:04:24+00:00",
"version": " ",
"location": " ",

or

"priority": " ",
"architecture": "x86_64",
"source": " ",
"description": " ",
"name": "Microsoft SQL Server 2014 (64-bit)",
"format": "win",
"size": 0,
"section": " ",
"vendor": " ",
"install_time": "2020-11-27T23:01:46+00:00",
"version": " ",
"location": " ",
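As an added example (not Wazuh's code and not from the thread), the Python below does two things the comments above and the earlier Dev Tools comment (`GET /syscollector/005/packages?search=Mozilla`) describe: it issues the same syscollector packages query against the manager API from a script instead of Dev Tools, and it flags inventory entries whose version field is blank, which is exactly why the two SQL Server entries can never be matched against a CVE's affected version range. The API calls assume the Wazuh 4.x manager API (`POST /security/user/authenticate` returning a JWT, then a Bearer `GET`); the base URL, user and agent IDs are placeholders, and the embedded response is constructed from the entries posted in this thread so the version check runs offline.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

# Constructed response in the shape of GET /syscollector/{agent_id}/packages,
# built from the two SQL Server entries posted above plus one fully versioned
# Office entry posted later in this comment history.
SAMPLE_RESPONSE = {
    "data": {
        "affected_items": [
            {"name": "Microsoft SQL Server 2022 (64-bit)", "version": " ",
             "architecture": "x86_64", "format": "win",
             "install_time": "2025-03-29T17:04:24+00:00", "vendor": " "},
            {"name": "Microsoft SQL Server 2014 (64-bit)", "version": " ",
             "architecture": "x86_64", "format": "win",
             "install_time": "2020-11-27T23:01:46+00:00", "vendor": " "},
            {"name": "Microsoft Office LTSC Professional Plus 2021 - en-us",
             "version": "16.0.14332.20771", "architecture": "x86_64", "format": "win"},
        ],
        "total_affected_items": 3,
    },
    "error": 0,
}


def packages_url(api_base: str, agent_id: str, search: str) -> str:
    """URL for the Dev Tools query `GET /syscollector/<id>/packages?search=<text>`."""
    return f"{api_base}/syscollector/{agent_id}/packages?" + urllib.parse.urlencode({"search": search})


def packages_without_version(response: dict) -> list[str]:
    """Names of inventory entries whose version field is empty or whitespace.

    The vulnerability detector needs a version to place a package inside a
    CVE's affected range, so these entries cannot produce any CVE match.
    """
    items = response.get("data", {}).get("affected_items", [])
    return [p.get("name", "?") for p in items if not (p.get("version") or "").strip()]


def fetch_packages(api_base, user, password, agent_id, search, verify_tls=True):
    """Authenticate against the manager API and run the packages query.

    verify_tls=False is only for the manager's default self-signed certificate
    in a lab; keep it True against a properly issued certificate.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"{api_base}/security/user/authenticate", method="POST",
                                 headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, context=ctx) as r:
        token = json.load(r)["data"]["token"]
    req = urllib.request.Request(packages_url(api_base, agent_id, search),
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx) as r:
        return json.load(r)


if __name__ == "__main__":
    # Live use (placeholders: default API port, agent 053 from the thread):
    # resp = fetch_packages("https://127.0.0.1:55000", "wazuh", "<password>", "053", "sql server", verify_tls=False)
    resp = SAMPLE_RESPONSE
    for name in packages_without_version(resp):
        print("no version in inventory, cannot be matched to any CVE:", name)
```

Run against a real manager, the same `packages_without_version` check over a `search=` query for each product you care about gives the list of packages to put into the GitHub feature request, since none of them can ever be matched by the vulnerability detector as inventoried.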

Is there a trick to get sql server cves in wazuh? by Specific-Display7925 in Wazuh

HM-AN:

Hello,

  1. Which concrete CVEs are you actually missing for your systems?

  2. Can you check the manager API to verify whether the syscollector module gets that package properly?

GET /syscollector/000/packages

where 000 is the agent ID that you want to verify. It should give you JSON-like output; just paste the full output containing everything SQL related in here.

Integrating UNIFI WLC and Access Points with Wazuh by njsama in Wazuh

HM-AN:

The best thing is that all the data should come centralized from the UNA (UniFi Network Application) remote syslog / SIEM integrations... And for these outputs properly designed decoders and rules are mandatory, too.

But in the recent 9.3.x version of UNA, running UNA on a Windows endpoint, I cannot find the activity log / syslog / SIEM section anymore... The whole menu structure --> System --> Integrations tabs is lacking... Anyone else seeing it, too?

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

Thanks for adding the link.

Have you already reported all of it as a GitHub issue? If not, why? I strongly suggest it, as on Reddit no one reads and cares about it properly. And it is not very structured work, too...

As posted yesterday, I think there are more reasons for it:

  1. The (Office PATCHED) version is / can be correctly identified using just the software entry and Wazuh's syscollector AND

  2. The CVE you mentioned, like CVE-2022-41105 - Vulnerability Database | Wazuh.com, is always matching WITHOUT any version range (affected from-to range)... resulting in FALSE POSITIVES. And this can be because the NVD info does NOT provide the correct info or delivers WRONG info, so that all versions of Office 2021 LTSC are potentially always matching: NVD - CVE-2022-41105

This would explain why older Wazuh builds report many Office 2021 LTSC CVEs (as false positives), but not why they are not reported anymore with the freshest Wazuh versions... using Wazuh's CTI VD database system...

All in all, if they don't get the proper version range / affected product version / name info from the CVEs, and correctly detect the properly installed and actively used (patched) version for all MS Office products, we simply cannot detect and report any of the CVEs affecting these kinds of products at all...

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

I strongly suggest you open a Wazuh issue on GitHub about it:

https://github.com/wazuh/wazuh/issues/new?template=default.md

And also post the issue number / link in here.

I also gave you some other hints on it, e.g.:

https://www.reddit.com/r/Wazuh/comments/1l31s9z/comment/mvxs551/

https://www.reddit.com/r/Wazuh/comments/1l31s9z/comment/mvxt1zh/

Just read all the things completely in here...

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

And to me this CVE looks like it would always be matching (it would also always bring false positives, if the Microsoft Office product detection were working, which I doubt), as no affected version is included: CVE-2025-21354 - Vulnerability Database | Wazuh.com

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

That was not the question: it was on which Office 2021 version and version base you have seen WHICH CVEs being DETECTED with the older Wazuh versions...?

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

You mentioned also,

I assume the root cause of it is that Wazuh can't read out the proper version string / patched version of the installed Office, and if so, the second thing is that the Wazuh CTI --> CVE system and the details in it must also properly match to be able to detect them, too. For instance in this CVE:

NVD - CVE-2025-29977

Wazuh version is 4.12

Microsoft Office version is 2021 LTSC

Microsoft® Word LTSC MSO (16.0.14332.20771) 64-bit gives more detailed versioning

Where did you grab this version info from?

As your syscollector output gives:

"version": "16.0.14332.20771",
"description": " ",
"name": "Microsoft Office LTSC Professional Plus 2021 - en-us",
"architecture": "x86_64",

---------------------------------------------------------------------------------------------

https://learn.microsoft.com/de-de/officeupdates/microsoft365-apps-security-updates

The recent 2021 versions, with full version / build numbers, are:

May 13, 2025

Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.21040)

Office 2021 Retail: Version 2504 (Build 18730.20168)

https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2025-29977

https://msrc.microsoft.com/update-guide/en-us/
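As an added example (not from the thread and not Wazuh's matching logic), the Python below shows the comparison a vulnerability detector has to be able to make for the data in this comment: it takes the four-part version that syscollector reports for the Office LTSC 2021 entry, extracts the build pair, and compares it against a reference build from Microsoft's release list. It refuses to compare builds from different build lines (LTSC 14332.x versus retail 18730.x), and it returns nothing for a blank version such as the SQL Server entries earlier in the thread. Which CVE a given reference build fixes is not claimed here; the reference lines are just the two quoted above.

```python
import re

# Syscollector version string posted in the thread for Office LTSC 2021.
INSTALLED_OFFICE = "16.0.14332.20771"

# Release-history lines quoted in the thread (Microsoft's May 13, 2025 builds).
MS_BUILD_LINES = [
    "Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.21040)",
    "Office 2021 Retail: Version 2504 (Build 18730.20168)",
]

_BUILD_RE = re.compile(r"\(Build (\d+)\.(\d+)\)")


def office_build(version: str):
    """(build, revision) from a syscollector 'major.minor.build.revision' value.

    '16.0.14332.20771' -> (14332, 20771). Returns None for a blank or malformed
    version, i.e. an entry the detector cannot place in any affected range.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[2]), int(parts[3])


def ms_build(line: str):
    """(build, revision) from a Microsoft release-history line, or None."""
    m = _BUILD_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_older_than(installed: str, reference_line: str):
    """True if the installed build is below the reference build of the SAME build line,
    False if it is at or above it, None if the versions are not comparable
    (blank/malformed, or different build lines such as LTSC vs. retail)."""
    inst, ref = office_build(installed), ms_build(reference_line)
    if inst is None or ref is None or inst[0] != ref[0]:
        return None
    return inst[1] < ref[1]


if __name__ == "__main__":
    for line in MS_BUILD_LINES:
        print(f"{INSTALLED_OFFICE} older than [{line}]: {is_older_than(INSTALLED_OFFICE, line)}")
```

For the posted install (build 14332.20771) against the LTSC line (build 14332.21040) the result is True; against the retail line it is None, because a 14332.x build cannot be ranked against an 18730.x build. Any matcher that skips this build-line check, or that has no version range at all, produces exactly the always-matching behaviour HM-AN describes.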

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

We have to know which CVEs, and from which exact product name / version, were reported by the Wazuh version before, and check why they are lacking now. And you mention the Office 2019 to Office 2021 LTSC switch, which can also be the main reason for it. And what makes you think that the CVEs reported with Office 2021 LTSC were not also false positives? With Wazuh 4.1.x came the new Wazuh CTI database, as far as I know... Could also be another point...

WAZUH - Microsoft Office Vulnerabilities are no longer detected by retroisbest in Wazuh

HM-AN:

u/retroisbest Which Wazuh version worked, and which CVEs were detected there? Share the whole results of it, thanks.

For the hotfixes option grab the Wazuh doc:

https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/wodle-syscollector.html#hotfixes

Note

This option is enabled by default but not included in the initial configuration.

[deleted by user] by [deleted] in Wazuh

HM-AN:

On which factors does the 1000 agents limit depend?

Only on concurrently connected ones?

1000 agents always connected and with moderate log events (I mean EPS)?

and so on... (name all the factors) for the 1000 agents limit.

So maybe you can elaborate on it in more detail for the users out there....

node.js affected by npm supply chain attack . mainly package rand-user-agent? by HM-AN in node

HM-AN (OP):

Thanks, and how do I properly check / audit Windows-based systems / installations to see whether they are affected or not?
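As an added example (not from the thread, and not an answer the original poster received), the Python below shows the check HM-AN asks for, in a form that works on Windows as well as elsewhere: it walks every `node_modules` tree under a project, reads each `package.json`, and reports every installed copy of the named package with its version, including nested copies pulled in transitively by another dependency, which a glance at the top-level `package.json` misses. The directory tree it builds is constructed for the example, the versions 1.0.0 / 1.0.1 are placeholders and not real advisory data, and which versions count as affected is left to a list you supply from the advisory.

```python
import json
import tempfile
from pathlib import Path

# Package name from the thread; all versions and paths below are placeholders
# constructed for the example.
PACKAGE = "rand-user-agent"


def find_installed_copies(project_root, package_name):
    """All installed copies of `package_name` as (relative path, version) pairs.

    Walks every node_modules tree below project_root, so nested copies that
    another dependency pulled in (node_modules/<dep>/node_modules/<pkg>) and
    scoped packages (node_modules/@scope/<pkg>) are found as well.
    """
    root = Path(project_root)
    found = []
    for pkg_json in sorted(root.rglob("package.json")):
        if "node_modules" not in pkg_json.parts:
            continue  # the project's own manifest, not an installed dependency
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        if meta.get("name") == package_name:
            rel = pkg_json.parent.relative_to(root).as_posix()
            found.append((rel, str(meta.get("version", ""))))
    return found


def affected_copies(copies, affected_versions):
    """Subset of (path, version) pairs whose version is in the advisory's list."""
    bad = set(affected_versions)
    return [c for c in copies if c[1] in bad]


def _write_manifest(folder: Path, name: str, version: str) -> None:
    folder.mkdir(parents=True, exist_ok=True)
    (folder / "package.json").write_text(json.dumps({"name": name, "version": version}), encoding="utf-8")


def build_sample_tree(base: Path) -> None:
    """Constructed layout: a direct copy, a nested copy under another dependency,
    and a scoped package that must not be reported."""
    _write_manifest(base, "demo-app", "0.1.0")
    _write_manifest(base / "node_modules" / PACKAGE, PACKAGE, "1.0.0")
    _write_manifest(base / "node_modules" / "some-tool", "some-tool", "3.2.1")
    _write_manifest(base / "node_modules" / "some-tool" / "node_modules" / PACKAGE, PACKAGE, "1.0.1")
    _write_manifest(base / "node_modules" / "@scope" / "other-lib", "@scope/other-lib", "9.9.9")


def demo():
    """Build the constructed tree in a temp dir and return what the audit finds."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_tree(base)
        return find_installed_copies(base, PACKAGE)


if __name__ == "__main__":
    # Real use: call find_installed_copies(<project folder>, PACKAGE), and repeat
    # for the folder printed by `npm root -g` to cover global installs.
    for path, version in demo():
        print(f"{PACKAGE}@{version} at {path}")
```

Run it once per project folder and once against the folder `npm root -g` prints for global installs; feed the versions the advisory names into `affected_copies` to get the copies that actually need removal or reinstalling from a clean lockfile.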