Microsoft adds free root certificate authority to Windows
Remember back in the days of Windows 95 when someone could use the OOB attack to remotely BSOD a PC? Well, now you can relive your youth with a classic throwback from Microsoft! Windows Vista, Server 2008, and Windows 7, in all their variants, have a similar vulnerability that allows a remote attacker to take your machine down with a simple ampersand. Leave it up to Microsoft to do it all again more than a decade later.
The SMB 2.0 driver in the x86 and x64 versions of Windows Vista, Server 2008, and Windows 7 is one and the same. When it is sent the “&” character in the “Process ID High” SMB header field, the process page-faults and brings us the beloved Blue Screen of Death we’ve all come to know and love.
Credit goes to Laurent Gaffié and you can find the Proof-of-Concept on his blog.
Be sure to check for patches and network security appliance definitions/signatures today.
Microsoft has been reminded again of why people hate ActiveX: Secunia is reporting that a nasty new DirectShow buffer overflow attack is in the wild. This one is very dangerous, as it exploits the built-in DirectShow control in Internet Explorer (msvidctl.dll). Specially crafted image content triggers a boundary error and subsequently causes a stack-based buffer overflow, allowing the attacker to execute arbitrary code on the compromised machine.
The worst part? It’s already being actively used by bad people. Although Secunia’s site currently lists Windows XP as the only vulnerable OS, I wouldn’t be surprised to see more versions of Windows tacked on in the near future.
I found this gem today. Great to hear we have some guy from Microsoft running the Cybersecurity show in the US (that was sarcasm):
The Department of Homeland Security (DHS) appointed former Microsoft executive Philip Reitinger as director of the National Cybersecurity Center.
In an announcement earlier this week, DHS Secretary Janet Napolitano filled three positions that support cybersecurity operations at DHS. Also appointed were Greg Schaffer as assistant secretary for cybersecurity and communications and Bruce McConnell as counselor to the National Protection and Programs Directorate (NPPD) Deputy Under Secretary.
Reitinger fills the NCSC post left vacant with the departure of Rod Beckstrom. Beckstrom resigned in March citing his frustration with cybersecurity planning between federal agencies and the lack of funding for cybersecurity issues. Reitinger will also continue to serve as Deputy Under Secretary for the NPPD, a post he was appointed to in March.
KBT Computers, Jun 2009
Read the rest over at KBT Computers’ Blog