vulnerability

CVE-2021-20047: DLL Search Order Hijacking Vulnerability

When looking for methods of execution in controlled environments, software components are an essential area of review. With controls such as AppLocker in place, running arbitrary executables becomes more difficult. In most environments we test, AppLocker is now a common configuration; it reduces the attack surface by defining the locations an executable is permitted to run from.

OpenSSL "Heartbleed" Vulnerability

You may have already seen references to the OpenSSL 'Heartbleed' vulnerability, which was published this week (http://heartbleed.com/).

If you have not yet seen this advisory: this is a very serious vulnerability in OpenSSL versions 1.0.1 through 1.0.1f inclusive. When exploited, this bug allows a connecting attacker to retrieve sensitive memory contents from affected servers.