This entry is the first in a series about securely configuring the IPv6 protocol on selected operating systems. Although this entry focuses on how to disable IPv6, we are not recommending that everyone immediately disable IPv6. However, if critical parts of your infrastructure (firewall, IDS, etc.) do not yet fully support the IPv6 protocol, consider disabling IPv6 until those components can be upgraded.
The Kill-Bit (or "killbit") is a Microsoft Windows registry value that prevents an ActiveX control from being used by Internet Explorer. More information is available in Microsoft KB article 240797. If a vulnerability is discovered in an ActiveX control or COM object, a common mitigation is to set the killbit for the control, which will cause Internet Explorer to block use of the control. Or will it?
Slowloris is a denial-of-service (DoS) tool that targets web servers. We have some suggestions about mitigation techniques and workarounds to protect your server. However, use caution if you implement any of these suggestions because they will likely have some unintended side effects.
Two recent US-CERT Vulnerability Notes describe similar issues in the Adobe Reader and Foxit Reader PDF viewing applications. The vulnerabilities, that both applications failed to properly handle JPEG2000 (JPX) data streams, were discovered as part of our Vulnerability Discovery initiative. The two vulnerability notes are quite similar, except for one aspect: attack surface.
Hi, it's Will. As previously mentioned, we have been investigating and discovering ActiveX vulnerabilities over the past few years. Today we released the Dranzer tool that we have developed to test ActiveX controls.
We've been using the Dranzer ActiveX fuzz testing tool for over three years, and we've found a large number of vulnerabilities with it. I've tagged a few of the US-CERT Vulnerability notes with the "Dranzer" keyword to show the sort of vulnerabilities we've been discovering with the tool.
Hello, it's Ryan. We've talked about IPv6 in blog entries and vulnerability notes before. But instead of focusing on IPv6 vulnerabilities, this blog entry will show how functional IPv6 tunneling protocols can be used to bypass IPv4-only firewalls and ACLs. If you'd like a demonstration, watch this video that we created.
Hello, Sid Faber from the Network Situational Awareness group at CERT. Like just about everyone else, we've been following the Conficker worm for a while and thought some updated stats on the Conficker.C variant might be useful.
Hi, it's Will again. Recently, I was investigating the effectiveness of the workarounds for the Adobe Reader JBIG2 vulnerability, and I encountered an unexpected situation. In certain situations, the application resiliency feature of Windows Installer can actually undo some of the steps taken to mitigate a vulnerability.