Mu Dynamics, Inc., a player in testing next-generation network services, has announced that it discovered and helped remediate one of the zero-day vulnerabilities detailed in Microsoft's recent patch security bulletin.
Microsoft credited Mu Dynamics with finding the TLSv1 Record Client Denial of Service Vulnerability (CVE-2010-3229), which is categorized as Important.
Officials with Mu Dynamics said that the vulnerability pertains to a low-level Secure Channel (Schannel) package that handles security negotiations for networked applications of any Microsoft IIS-based web site or cloud service deployed on Windows Server 2008. As a result, unauthenticated users could crash an entire Windows Server 2008 system using a single packet.
Company officials said that using the Mu Studio Fuzz solution, Mu Dynamics worked closely with Microsoft to demonstrate and reproduce the vulnerability. Microsoft was able to quickly identify the problem, develop a patch and re-test to validate the fix.
According to company officials, as an active member of the Microsoft Security Development Lifecycle (SDL) Pro Network, Mu Dynamics periodically tests products, such as Windows Server 2008, for vulnerabilities using the Mu Test Suite.
Input validation of error and exception handling is consistently one of the most challenging areas to test. The Mu Test Suite auto-generates tens of thousands of fuzz tests that systematically and intelligently manipulate the fields in every packet of a custom transaction.
The Mu solution, company officials said, also enables quick and efficient remediation by isolating the issue, facilitating communication between the development and test teams, and integrating into automated regression test beds.
Anil Sharma is a contributing editor for TMCnet.
Edited by Stefanie Mosca