Microsoft said a Windows SMB zero day, which has a public proof-of-concept exploit available, is low risk and won’t be patched until an upcoming Patch Tuesday.
Tag Archives: Johannes Ullrich
Badlock Vulnerability Clues Few and Far Between
Admins have to hold their breath for two more weeks on the Badlock vulnerability. Which will come first: the patch, or a public exploit?
Active DoS Exploits for MS15-034 Under Way
Public denial-of-service exploits for a critical vulnerability in Microsoft’s implementation of the HTTP protocol stack, HTTP.sys are under way, while remote code execution attacks may still be to come.
Shellshock Worm Exploiting Unpatched QNAP NAS Devices
A worm exploiting the Bash vulnerability in QNAP network attached storage devices has been discovered. The attack opens a backdoor and for now is carrying out a click-fraud scam against JuiceADV.
WordPress 4.0.1 Update Patches Critical XSS Vulnerability
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
SNMP-Based DDoS Attack Spoofs Google Public DNS Server
SNMP-based DDoS attacks spoofing Google’s public recursive DNS server have been spotted by the SANS Internet Storm Center.