A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client

Posted: 10/17/2017 | Leave a Comment

CVE-2017-11779 fixed by Microsoft in October of 2017, covers multiple memory corruption vulnerabilities in the Windows DNS client. The issues affect computers running Windows 8/ Server 2012 or later, and can be triggered by a malicious DNS response. An attacker can exploit this issue to gain arbitrary code execution in the context of the application that made the DNS request.

https://www.bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Journal - Cyber-As-Zoo: Multidisciplinary Cyber Struggle

This issue of the CSIAC Journal contains five articles that offer some perspectives to address the often-heard phrase "Cyber Is Hard", usually associated with gnashing of teeth and exasperated sighs.

Read the Journal

CSIAC Journal - Insider Threat and the Malicious Insider Threat

This issue of the CSIAC Journal presents five articles which represent different perspectives on Insider Threat and approaches to understand and remediate that threat.

Read the Journal

CSIAC Reference Document - Recent Developments in Cyberlaw: 2018

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as cloud data storage, the scope of 3rd-party doctrine, encryption, warrants for electronic searches, and artificial intelligence.

Read the Document