Microsoft’s advisories giving clues to hackers
How's this for a new twist on the old responsible disclosure debate: Hackers are taking advantage of information released in Microsoft's pre-patch security advisories to create exploits for zero-day vulnerabilities. The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the MSRC (Microsoft Security Response Center) about how much information should be included in the pre-patch advisory.
Using clues in the workarounds section of the advisory, Errata Security researcher David Maynor said he was able to pinpoint the source of the vulnerability without much trouble.
Read the article HERE.
Using clues in the workarounds section of the advisory, Errata Security researcher David Maynor said he was able to pinpoint the source of the vulnerability without much trouble.
Read the article HERE.
posted by vanish at 8:45 AM
0 Comments:
Post a Comment
<< Home