SQL Slammer is a computer worm that first appeared in the wild in January 2003, and caused a denial of service condition on tens of thousands of servers around the world. It did so by overloading Internet objects such as servers and routers with a massive number of network packets within 10 minutes of its first emergence.
The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434. After the server is infected, it attempts to spread rapidly by sending the same payload to random IP addresses, causing a denial of service condition on its targets. This vulnerability was discovered by David Litchfield several months before Slammer first launched. Accordingly, Microsoft released a patch, but many installations had not been patched before Slammer’s first appearance.
There's a zero-day exploit in the wild that exploits a key file-sharing protocol in most supported versions of Windows, including Windows 10, the latest and most secure version of the Microsoft operating system. The exploit is probably not worth worrying about, but you'd never know that based on the statement Microsoft officials issued on Thursday when asked what kind of threat the exploit poses:
"Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible," an unnamed spokesperson replied in an e-mail. "We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."
The popular Metasploit hacking kit has been upgraded to tackle today's Internet of Things (IoT) devices, granting researchers the opportunity to scour for bugs in modern vehicles.
Rapid7 Research director of transportation security Craig Smith announced on February 2 that the Metasploit framework can now link directly to hardware, permitting users to develop exploits to test their hardware and conduct penetration testing with less time wasted.
It is hoped that researchers will no longer have to build multiple tools to test today's modern devices and overcome previous network limitations.
"Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware," Smith says.