Microsoft’s ‘million dollar’ bug-finder

Microsoft is previewing a cloud-based bug detector, dubbed Project Springfield, that it calls one of its most sophisticated tools for finding potential security vulnerabilities.

Project Springfield uses “whitebox fuzzing,” which uncovered one-third of the “million dollar” security bugs during the development of Windows 7. Microsoft has been using a component of the project called SAGE since the mid-2000s to test products prior to release, including fuzzing both Windows and Office applications.

To learn more click here.

MySQL zero-day exploit puts servers at risk

A publicly disclosed vulnerability in the MySQL database could allow attackers to completely compromise some servers.The vulnerability affects “all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions,” as well as the MySQL-derived databases MariaDB and Percona DB, according to Dawid Golunski, the researcher who found it.

The flaw, tracked as CVE-2016-6662, can be exploited to modify the MySQL configuration file (my.cnf) and cause an attacker-controlled library to be executed with root privileges if the MySQL process is started with the mysqld_safe wrapper script.

To learn more click here.

Technology news and I.T. services provider.

%d bloggers like this: