I'm getting really good feedback on our bug hunt. I've had a couple of people report interesting vulnerabilities to ISC or me directly that they have discovered using the technique outline on the ISC Diary here (https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464). The vulnerability reported can be used by malware instead of creating registry entries to survive a reboot. In cases where the program run as a service they can be used for privilege escaltation.
As you are checking your programs, be sure to occationally check for instances of CALC.EXE running invisibly in the background. Those are sometime the more interesting processes to look at. :)
Thanks to everyone reporting vulnerabilites. Be sure to post a comment on the bug hunt diary and read the comments from other people finding the bugs.
Join me in San Antonio Texas November 27th for SANS 504 Hacker Techniques, Exploits and Incident Response! Register Today!!
Follow me on Twitter @MarkBaggett
Nov 7th 2012
6 years ago