This article is contributed. See the original author and article here.
This bugfix update to Sysmon resolves a series of config parsing issues.
Previous versions of PsExec are susceptible to a named pipe squatting attack. If a low-privileged attacker creates a named pipe on a server to which a PsExec client connects, they could intercept explicit authentication credentials or sensitive command-line arguments sent by the client. The PsExec client now drops a key into file protected with an administrator-only security descriptor with a name formatted as PSEXEC-.key into the Windows directory on the remote system that the PsExec service uses to authenticate to the client.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.