Posts Tagged ‘Windows’

An other day, an other bug…

Posted by spaquet on February 16, 2011  |   Comments Off

The flaw in “BrowserWriteErrorLogEntry()” function within the Windows mrxsmb.sys driver “could be exploited by remote attackers or malicious users to cause a denial of service or take complete control of a vulnerable system,” researchers from French security firm Vupen warned. The warning came after proof-of-concept code was posted on Monday to the Full-disclosure mailing list.

Vupen, which rates the vulnerability as critical, has confirmed the bug in Windows Server 2003 SP2 and Windows XP SP3. Secunia rates it as moderately critical, the third most serious notch in its five-tier system.

A Microsoft spokesman said company researchers are investigating the reports and “will take appropriate action to help protect customers” when the inquiry is complete.

More information on this vulnerability can be found here, here and here (sources: Vupen and Secunia)

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

How, How, How… It’s Christmas !

Posted by spaquet on January 3, 2011  |   Comments Off

Well, looks like Microsoft is giving away some gifts to best friends “hackers” thanks to an other best friend: Googlebot.

According to Michal Zalewski, a security researcher at Google, data concerning at least one “clearly exploitable crash” in the Microsoft browser was inadvertently disclosed to people who were using a Chinese IP address. Details about the bug, which resides in the mshtml.dll component, were stored on a server that had accidentally been indexed by Google…

The bug leads to arbitrary crashes in the EIP, or extended instruction pointer, of machines running the Microsoft browser. Zalewski said the flaw “is pretty much fully attacker-controlled.” It was uncovered using cross_fuzz, a security tool the researcher developed in his spare time more than two years ago to identify potential security vulnerabilities in IE, Firefox, and other browsers. Since its release, the tool has helped to identify nearly 100 various browser bugs.

More information can ben obtained at Michal’s blogs : here and here