This week started off with a bang when a vulnerability in BIND was accidentally disclosed earlier than expected. BIND is an open source and extremely popular DNS software solution that is used world-wide. The vulnerability, CVE-2011-2464 (link), can lead to a denial of service against DNS by sending a specially crafted packet to the DNS [...]

Microsoft has announced an out-of-band release for a vulnerability (CVE-2009-3103) in the SMB2 protocol which exposes Windows Server 2008 and Windows Vista users to possible remote code execution attacks. It does not appear that Windows 2000 and Windows XP are affected because they do not have the vulnerable SMB2 driver. The vulnerability is labeled as [...]

Conficker is back in the news as there are reports of new variants popping up. I’m sure that you’ve all heard the news and hype about how many endpoints Conficker has infected, and even more speculation on what the bot herder will do with the massive botnet. Here’s some background info on Conficker and what [...]