Microsoft Hyper-V Exploit and Wi-Fi Spoofing Among 100-Plus Year-to-Date Updates to Core Security's CORE IMPACT Pro

Microsoft Hyper-V Exploit and Wi-Fi Spoofing Among 100-Plus Year-to-Date Updates to Core Security's CORE IMPACT Pro

Rapid Exploit Releases by Industry-Leading Security Testing Solution Recognizes Aggressive Nature of Threat Landscape

BOSTON - April 12, 2011 - Core Security Technologies, the market’s leading provider of IT security test and measurement software solutions, today announced that this year it has released more than 100 updates for CORE IMPACT Pro, the company’s award-winning penetration testing software solution. Among the updates are 73 new exploits designed to assess systems against real-world data breach attempts. For instance, one recent IMPACT exploit targets a vulnerability in Microsoft’s Hyper-V hypervisor, which plays a key role in managing the virtualization layer in many cloud computing infrastructures.

“To further address the rapidly evolving threat environment, we have streamlined our quality assurance process and now are able to equip our customers with the latest  exploit capabilities and vulnerability information at an even faster rate,” said Alex Horan, product manager for CORE IMPACT Pro. “Our exploit library is developed entirely in-house, and each exploit is designed to target as many different system configurations as possible. As a result, our customers are effectively able to proactively assess their IT security against thousands of real attack scenarios.”

“Core Security has a long history of releasing commercial-grade exploits based on our own CoreLabs vulnerability research and that of the broader security community. Core’s heavy investment in R&D is evident in the speed and quality of updates made available in the first quarter of 2011, further demonstrating our commitment to being the leader in security test and measurement,” said Mark Hatton, CEO of Core Security.

New Exploits, Plus Functionality and Integration Enhancements

In addition to the 73 new exploits released to date, recent CORE IMPACT Pro functionality enhancements include:

  • the ability to spoof the Internet and create fake access points, replicating an actual attacker’s attempts to intercept wireless network traffic
  • more efficient testing of WiFi connections during wireless penetration testing
  • improved integration with the free, open-source Metasploit Framework

Learn more in the blog post by product manager Alex Horan and on CORE IMPACT Pro’s What’s New page:

http://blog.coresecurity.com/2011/03/18/stopping-to-smell-the-updates/

http://www.coresecurity.com/content/core-impact-pro-whats-new

High-Profile Hyper-V Security Concerns Addressed

The December 2010 Microsoft Patch Tuesday included one bulletin regarding Hyper-V: “Hyper-V VMBus Vulnerability – CVE-2010-3960.” Per the bulletin, a hacker could potentially capitalize on the vulnerability to cause a Hyper-V instance to stop running, killing all the virtual machines on a specific host. Core Exploit Writing team researchers deconstructed the vulnerability and discovered how data flowed between a guest OS and specific driver functions that were patched by the Microsoft update. This research enabled Core’s exploit writing team to produce a related exploit, which was delivered to customers on February 15. The IMPACT exploit remains the only known, commercially available exploit for this vulnerability.

Learn more about the development of this exploit:

http://blog.coresecurity.com/2011/02/23/behind-the-curtain-a-journey-into-reversing-the-hyper-v-vmbus-exploit-ms10-102/

The Hyper-V vulnerability can be removed by installing the Microsoft patch made available in December 2010. Core recommends re-testing after the patch to ensure that this weakness can no longer be exploited and that the patching was effective. For more information on this vulnerability and the systems affected, please visit: http://www.microsoft.com/technet/security/bulletin/ms10-102.mspx

About CoreLabs


CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. Research is conducted in several important areas of computer security including system vulnerabilities, cyber-attack planning and simulation, source code auditing and cryptography. Results from these efforts include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at:  http://www.coresecurity.com/corelabs





About Core Security Technologies

Core Security Technologies provides organizations with real-world security intelligence. In today’s highly secured organizations, there is no shortage of available security data, but there is a shortage of security intelligence. Core’s security test and measurement solutions fill the gap between the mass of security data and the intelligence to constantly know where the real exposures reside. Core’s customers gain real intelligence and visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations and manage IT risks.



Core Security’s software solutions are used by more than a thousand commercial and government organizations. Solutions range from desktop software tools for technical security experts to infrastructure-wide automated testing and measurement platforms and services that leverage over a decade of trusted research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com



Contacts:

Leslie Sullivan 

Schwartz Communications

781-684-6576

CoreSecurity@Schwartzcomm.com

Tue, April 12