search menu icon-carat-right cmu-wordmark

CERT/CC Blog

Vulnerability Insights

Latest Posts

Expectations of Windows RDP Session Locking Behavior

Expectations of Windows RDP Session Locking Behavior

• CERT/CC Blog
Will Dormann

This post was co-written by Will Dormann and Joe Tammariello. Recently, CERT researchers published a vulnerability note (VU#576688 - Microsoft Windows RDP can bypass the Windows lock screen). In this blog post, we provide a little more insight into how the vulnerability was discovered and what it may mean to people who use Microsoft Windows RDP. The following steps reproduce VU#576688: Use a Microsoft Windows RDP client to connect to Windows Server 2019 or Windows...

Read More
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines

Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines

• CERT/CC Blog
Allen Householder

The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines. At the CERT/CC, we focus our attention on sectors that are new to (or perhaps slow to adopt) common vendor security practices like Coordinated Vulnerability Disclosure (CVD). To that end, Deana Shick, Jonathan Spring, Art Manion, and I collaborated to provide our feedback to the EAC. The remainder of this post contains the comments...

Read More
API Hashing Tool, Imagine That

API Hashing Tool, Imagine That

• CERT/CC Blog
Kyle O'Meara

In the fall of 2018, the CERT Coordination Center (CERT/CC) Reverse Engineering (RE) Team received a tip from a trusted source about a YARA rule that triggered an alert in VirusTotal. This YARA rule was found in the Department of Homeland Security (DHS) Alert TA17-293A, which describes nation state threat activity associated with Russian activity. I believed this information warranted further analysis....

Read More
DGA Domains with SSL Certificates?  Why?

DGA Domains with SSL Certificates? Why?

• CERT/CC Blog
Leigh Metcalf

CertStream is a free service for getting information from the Certificate Transparency Log Network. I decided to investigate the presence of domains generated by Domain Generation Algorithms (DGA) in this stream and I found some intersting phenomena....

Read More
Towards Improving CVSS

Towards Improving CVSS

• CERT/CC Blog
Deana Shick

If you are a software vendor, IT administrator, or CSIRT team, you are probably using the Common Vulnerability Scoring System (CVSS) in one way or another. The CERT/CC recently published a white paper entitled Towards Improving CVSS that outlines what we consider to be major challenges with the standard and discusses some ways forward. This post is a summary of that paper; if you are interested, please review the full paper for an elaboration of...

Read More
New SEI CERT Tool Extracts Artifacts from Free Text for Incident Report Analysis

New SEI CERT Tool Extracts Artifacts from Free Text for Incident Report Analysis

• CERT/CC Blog
Matthew Sisk

This post is co-authored with Sam Perl. The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University recently released the Cyobstract Python library as an open source tool. You can use it to quickly and efficiently extract artifacts from free text in a single report, from a collection of incident reports, from threat assessment summaries, or any other textual source....

Read More
Life Beyond Microsoft EMET

Life Beyond Microsoft EMET

• CERT/CC Blog
Will Dormann

Approximately eight years ago (September 2010), Microsoft released EMET (Enhanced Mitigation Experience Toolkit) 2.0. In the world of software defenders, there was much rejoicing. EMET allows users to not be at the mercy of their software vendors when it comes to opting in to vulnerability exploit mitigations. As we fast-forward to November 2016, Microsoft released a blog post called Moving Beyond EMET, which announced the end-of-life (EOL) date of EMET and explained why Windows 10...

Read More
When

When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults

• CERT/CC Blog
Will Dormann

As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations. Working in this field, it doesn't take too long to realize that there will never be an end to software vulnerabilities. That is to say, software defects are not going away. For this reason, software exploit mitigations are usually much more valuable than individual software fixes. Being able to mitigate entire...

Read More