A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client

Posted: 10/17/2017 | Leave a Comment

CVE-2017-11779 fixed by Microsoft in October of 2017, covers multiple memory corruption vulnerabilities in the Windows DNS client. The issues affect computers running Windows 8/ Server 2012 or later, and can be triggered by a malicious DNS response. An attacker can exploit this issue to gain arbitrary code execution in the context of the application that made the DNS request.

https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

CSIAC Journal - Insider Threat and the Malicious Insider Threat

This issue of the CSIAC Journal presents five articles which represent different perspectives on Insider Threat and approaches to understand and remediate that threat.

Read the Journal

CSIAC Journal - Serious Games to Enhance Defense Capabilities

This 2017 special edition of the CSIAC Journal focuses on wargames and the many uses of Modeling and Simulation (M&S) that support decision making needed at the various levels of combat.

Read the Journal

CSIAC Reference Document - Recent Developments in Cyberlaw: 2018

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as cloud data storage, the scope of 3rd-party doctrine, encryption, warrants for electronic searches, and artificial intelligence.

Read the Document

CSIAC Report - Defense Acquisition University Secure Systems Design Course Experiment

CSIAC developed a course experiment with the Defense Acquisition University (DAU) Cybersecurity Enterprise Team. The goal of this exercise was to study the techniques & strategies used to provide cybersecurity-based training, in an effort to educate the entire acquisition workforce on cybersecurity best practices & techniques.

Read the Report

Jun 11

Transport Security and Safety Expo – TSSX 2018

June 11 - June 12

Washington DC

United States

Jun 25

AIAA Modeling and Simulation Technologies Conference

June 25 - June 29

Alanta GA

United States

Aug 04

Black Hat USA 2018

August 4 - August 9

Las Vegas

United States

Organizer: UBM

+1 866 203 8081

Aug 09

DEF CON 26

August 9 - August 12

Las Vegas NV

United States

Organizer: DEF CON

Aug 27

Linux Security Summit (LSS)

August 27 - August 28

Vancouver

Canada

Organizer: The Linux Foundation

415-723-9709

View all Events

Phone:	800-214-7921
Email:	info@csiac.org
Address:	266 Genesee St. Utica, NY 13502

A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client

Leave a Comment Cancel

CSIAC Products & Services

About CSIAC

Contact Us

Reader Interactions

Leave a Comment Cancel

Footer

CSIAC Products & Services

About CSIAC

Contact Us