Microsoft issues patch for wormable Windows DNS Server flaw

Microsoft is issuing a patch for a severe and wormable Windows Domain Name System Server vulnerability that could allow attackers to execute arbitrary code against targets and gain control of targets’ entire IT infrastructure. The vulnerability, which was uncovered by a researcher at Check Point, would allow hackers to intercept and interfere with users’ emails and network traffic, tamper with services, and steal users’ credentials, by exploiting Windows’ Domain Name System (DNS) Server; DNS is essentially the protocol that translates between website names and their corresponding IP addresses. The vulnerability can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow, according to Check Point. The vulnerability is widespread as it affects all Windows Server versions, according to Microsoft. It’s the third serious vulnerability Microsoft has addressed just this month, following the emergency disclosure and patching of two critical vulnerabilities affecting Windows 10 and Windows Server distributions. Those […]

The post Microsoft issues patch for wormable Windows DNS Server flaw appeared first on CyberScoop.


EU needs one set of vulnerability disclosure rules, says expert task force

Cybersecurity researchers in the European Union need legal certainty and consistent standards across its 28 member states if they are to hunt for software vulnerabilities, according to a blue-ribbon commission established by the Center for European Policy Studies. “What we should avoid is that there are 27 or 28 different [legal] frameworks for coordinated vulnerability disclosure and also that there are different definitions being used — of hacking or vulnerability or disclosure — so that this again creates uncertainty for people working in the field,” said European Parliament member Marietje Schaake, chair of the CEPS Task Force on Software Vulnerability Disclosure. Only three of 28 member states currently have a policy on responsible disclosure, although 13 are in the stages of developing one, she told a recent roundtable at the European Parliament. Each member state has been taking its own approach to vulnerability disclosure, Schaake said, “ranging from sophisticated thinking … […]

The post EU needs one set of vulnerability disclosure rules, says expert task force appeared first on Cyberscoop.
