BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

12

Fuzzing for MS15-010

Posted February 17, 2015    Bill Finlayson

Intro This past Patch Tuesday Microsoft released MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution.  This patch addressed multiple privately reported vulnerabilities in win32k.sys and one publicly disclosed vulnerability in cng.sys. Win32k.sys Diff The first notable thing we noticed was that several handlers for TrueType instructions, @irtp_*, were touched.  While we did…

Tags:
, ,
ghost

GHOST Vulnerability…Scary Indeed

Posted January 28, 2015    BeyondTrust Research Team

A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considering remote, arbitrary code execution can be achieved. In an effort to avoid taxing DNS lookups, glibc developers introduced…

Tags:
,
flash-logo

Adobe Patches Zero-Day Flaw Being Exploited in the Wild

Posted January 22, 2015    BeyondTrust Research Team

Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled”…

Tags:
, , , , ,
Capture

MS15-002 Detection

Posted January 16, 2015    Bill Finlayson

MS15-002 was one of the more interesting patches this month.  As such, we spent quite a bit of time on it.  But alas, it appears as though a pretty thorough analysis has already been posted at WooYun (http://drops.wooyun.org/papers/4621) which mostly aligns with our analysis of the issue. We believe this issue to be difficult to exploit…

Tags:
patch-tuesday

January 2015 Patch Tuesday

Posted January 14, 2015    BeyondTrust Research Team

Starting off the new year, Microsoft directs its focus more toward user rights and access. For the majority of bulletins, an attacker would need some form of authentication prior to elevating their privileges. Aside from these, the most notable vulnerability lies within an old friend named Telnet, which even the newer versions of windows are…

Tags:
,
gwindows_logo

Git’s Case-Insensitive Discrepancies: Exploiting GitHub For Windows And Microsoft Visual Studio (still affected)

Posted December 23, 2014    BeyondTrust Research Team

A vulnerability within Git has been recently announced concerning the case-insensitive nature of the Windows file system. This vulnerability is unique in that fact that an attacker does have the ability to execute arbitrary code, however conventional exploitation methods, such as memory corruption, is not required. This article explores two ways to execute arbitrary, attacker…

Tags:
, , , ,
Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
Patch Tuesday MS15-078

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,
3_why_interseting2

CVE-2014-1824 – A New Windows Fuzzing Target

Posted November 25, 2014    BeyondTrust Research Team

As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes.  There are two solutions to this: write a better fuzzer (http://lcamtuf.coredump.cx/afl/) or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability…

Tags:
, ,
6

A Quick Look at MS14-068

Posted November 20, 2014    Bill Finlayson

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,