BrightStor Code Execution Zero-Day, BootRoot, & Versa

Hey readers,

We have a few notable updates regarding eEye Research projects and findings:

• BrightStor PoC Released: This vulnerability was original reported as a denial of service, but with a minor change to the proof-of-concept, an exploitable condition is reached.  eEye Research is keeping a close eye on exploits for this vulnerability, and will update the ZDT entry as more information becomes available.
• eEye BootRoot Update: We've included source code for two of our BootRoot-derivative works, SysRq and PiXiE.  Both projects are known to have problems with certain BIOSes, and the PiXiE source code is incomplete, but we hope releasing the code will encourage further development on the BootRoot concept.
• Versa Newsletter: This monthly installment of Versa includes an interesting article regarding the shift from network-based attacks to client-side ones.  Although this shift that has been occurring over quite some time, we have seen an increase in these trends over recent months.

As always, you can send any questions directly to us at skunkworks@eeye.com.