November 29, 2006

Derek's Thanksgiving Present

Happy belated Thanksgiving everyone!  We have two updates for you this week to the eEye Research Portal.

The first is an update to an already solid tool, Faultmon.  This has a few added features to help with your debugging experience. 

The second update to the Portal is a new presentation fresh off of the PDF printer.  "Memory Retrieval Vulnerabilities" is a presentation prepared by eEye researcher Derek Soeder back in October 2006; however, it never found a suitable home at a conference, so we are just releasing it here.  It discusses theoretical coding flaws that could offer an attacker a glimpse into the stack or heap, or possibly arbitrary process memory, thereby allowing the construction of more reliable exploits against a vulnerable process -- even in spite of generic security measures such as /GS and ASLR that rely upon unpredictability.  Select real-world examples are provided, including a NETAPI32 (Server Service) vulnerability silently fixed in MS06-040.  Notes are included on many of the slides to provide additional details.

Stay tuned for more updates in the near future!

November 15, 2006

Patch Tuesday Infoz

Howdy Y'all,

Just wanted to take a breather from the normal Patch Tuesday whirlwind and give everyone some links to some cool eEye information regarding this month's update from Redmond.
1 - Workstation Service NetpManageIPCConnect Buffer Overflow - Microsoft released MS06-070, removing one of our upcoming advisories and adding one published advisory.  This is a pretty cool find by JeongWook Matt Oh, who you've also seen tear it up with the eEye Binary Diffing Suite (EBDS)  (which I'm sure everyone has used this Patch Tuesday, right?).
2 - Microsoft Patch Summary - We geared this patch summary for both the CSO-type as well as the IT admin in the trenches.  We hope this helps you read between the lines of the Microsoft advisories as you prepare your patch prioritization plan.  Don't forget our old VERSA article that can help you with that plan.

In the words of Kip,
Peace Out.

November 03, 2006

Tool Updates

Hey Gang, got some tool updates for you.  eEye Boot Root and the eEye Binary Diffing Suite were both updated because of requests from users like you and posted to research.eeye.com.  We appreciate the input, and we are glad to see our tools are being used out there!  Keep your xml-differs pointed here for more fair-and-balanced security research for eEye Digital Security.

November 02, 2006

Upcoming Advisory - IE6

Happy Friday-eve!  As a present, eEye has posted a new upcoming advisory.  But you already knew that 'cause you are syndicating our RSS feed, right?  Just goes to show that after 6 Microsoft updates affecting IE6 in the past 12 months, there are still plenty of bugs to go around.

Tool Update: EEREAP bug fix

EEREAP v0.81 is now available for download.

Thanks to Philippe Biondi for pointing out the incorrect emulation of opcodes 93h through 97h, and to Ben Nagy for finding a mistake in one of the readme examples.