Microsoft DirectShow vulnerability
Microsoft have recently announced a Microsoft DirectShow vulnerability via an advisory and multiple blog entries.
The advisory indicates that Microsoft are investigating public reports of a vulnerability within the DirectShow element of DirectX - CVE-2009- 1537 has been allocated to this vulnerability.
Microsoft have published quite a detailed set of actions which provide a temporary workaround for this issue to prevent the download of a crafted QuickTime formated file.
The following information has been posted:
http://blogs.technet.com/msrc/default.aspx
http://www.microsoft.com/technet/security/advisory/971778.mspx
http://blogs.technet.com/srd/
In the advisory Microsoft have indicated that a patch will be produced for this but give no timescales. To reduce the potential risk you should consider the impact of applying the workaround versus the period of nil-protection whilst it's MAPP/MSRA partners get definitions out for detection, etc.
SecurityFocus have reported that targeted exploits of this issue have been seen in the wild.
Stego in TCP retransmissions
I just started reading an interesting new paper out of the Warsaw University of Technology entitled Hiding Information in Retransmission. This got me to thinking, even those of us who have extensive monitoring of our network rarely will have the capability to compare retransmitted packets to the original to detect this. A really interesting idea. The abstract can be found here and the paper itself here.
More new volatility plugins
If you follow our diary at all, by now, you know I am a big fan of volatility for doing analysis of memory images. I use it quit a bit in my automated malware analysis environment.* Well, our friend, Michael Hale Ligh, who brought us the excellent malfind plugin has released another great plugin, the usermode_hook plugin. Read his writeup, it is well worth the time.
*Shameless plug: Come to SANSFIRE in Baltimore next month and meet many of the handlers, I'll be talking about my automated environment including how I currently use volatility and some of what I still want to do with it.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago