mitigations



On the heels of last week’s release of exploit code for a crippling denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2, Microsoft has issued a security advisory to confirm the issue and offer pre-patch mitigations.The flaw, in the Microsoft Server Message Block (SMB) Protocol which affects SMBv1 and SMBv2, could cause a system to stop functioning or become unreliable, Microsoft said, describing the published exploit code as “detailed.”

Microsoft Corp. pours more money into software security than any other
major vendor both because it has to and because it can. Yet for all the
investments in security, the number of vulnerabilities discovered in
the company’s products has increased over the years, prompting
questions over whether the company has reached the limits of its
ability to debug software. 

Microsoft has released
a free tool for retroactively hardening applications against known
attacks, without recompiling the program with a special compiler flag.
The Enhanced Mitigation Evaluation Toolkit
(EMET) allows developers and administrators to activate specific
protection mechanisms in compiled binaries without requiring access to
the source code. The tool is currently able to prevent or impede four
attack techniques. Read the full story [The H Online]  See Microsoft blog post on EMET [technet.com]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.