Last week Microsoft issued an advisory on a new vulnerability in the IIS FTP service. This vulnerability already has a published exploit and can allow an attacker to execute unauthorized code on the target. Details of the vulnerability are available at the US-CERT website. If you have an anonymous account on your FTP server then you are especially at risk, because no theft of credentials would be needed to execute this exploit.
To me the key to this issue is that a fix won’t be included in today’s Microsoft security patch release. There simply wasn’t enough time to identify, code and test the patch before it was released. Microsoft complained that the security researcher didn’t report the vulnerability responsibly. While this may be true, it certainly highlights the weakness of a desktop security plan that relies on patching and antivirus signatures.
Last week I blogged about the general momentum around application whitelisting, citing our meetings with Neil MacDonald from Gartner and a recent post from George Kurtz of McAfee.
This week, I want to speak more specifically about using application whitelisting to both meet the letter and the spirit of NERC CIP-007 compliance requirements. This is an area where application whitelisting is gaining significant momentum as a supplement or alternative to traditional blacklist antivirus. There are many reasons why the energy industry is ahead of the general curve in adopting whitelisting technologies.
The most recent piece of evidence comes courtesy of the 2009 Black Hat conference going on right now in Las Vegas. MX Logic reports from this year’s conference that a new trojan called “Clampi” is being used for highly sophisticated identity theft. The researcher cited from SecureWorks claims that hundreds of thousands of PCs have already been infected.
The Associated Press is reporting that Microsoft is warning of a vulnerability in its operating system that isn’t yet patched. Details on how to protect yourself can be found in the link above.
The proposed solution from Microsoft involves pushing out a large registry change (that you must assemble yourself) that disables the compromised ActiveX control – that then must be applied to each and every system.
This week, CoreTrace announced the latest version of our award-winning application whitelisting product, BOUNCER. In a seemingly unrelated note, Microsoft officially launched the beta version of its free antivirus offering, Microsoft Security Essentials (MSE, previously code-named “Morro”).
Seemingly unrelated, and yet completely related.