diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Report of POC code bypasses Data Execution Prevention

Microsoft released an update to Advisory 979352, in relation to reports of proof of concept (POC) code that “bypasses Data Execution Prevention (DEP) and additional information on exploitability, mitigations and workarounds for, Microsoft products that use mshtml.dll.” “Based on our comprehensive monitoring, we continue to see only limited attacks, still target Internet Explorer 6 – this’s also confirmed by the attack samples our Microsoft Active Protections Program (MAPP) partners have sent in. Elevation of Privilege (EoP) vulnerability in Windows kernel, affecting all currently supported versions of 32-bit / 64-bit Windows, including Windows Server 2008 R2, are not affected. While we’ve not seen real-world attacks for any other platform.” Here’s the current state-of-the-art on each platform:

More info: MSRC blog

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!