Archive: September 2019

Update on the CERT Guide to Coordinated Vulnerability Disclosure

• CERT/CC Blog
Allen Householder

It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament in their approaches to vulnerability disclosure. I wanted to provide an update on how the Guide is evolving in response to all the feedback we received....

The Dangers of VHD and VHDX Files

• CERT/CC Blog
Will Dormann

Recently, I gave a presentation at BSidesPGH 2019 called Death By Thumb Drive: File System Fuzzing with CERT BFF. (The slides from my presentation are available in the SEI Digital Library.) Although my primary goal was to find bugs in kernel file-system-parsing code, a notable part of my research was investigating attack vectors. In particular, I focused on VHD and VHDX files on Windows systems. In this post, I describe some of the risks associated...
