Friday, March 13, 2015

DLL Hijacking Vulnerability

I hear that ICS-CERT has published a DLL hijacking advisory for an industrial control system on the US-CERT Secure Server. Since I don’t have access to that site I can’t confirm that, and if I did I wouldn’t be able to talk about it anyway. If they have, they will get around to publishing it on the ICS-CERT site in the near future.

In any case, if you are the owner operator of an industrial control system at a critical infrastructure facility, you should already have requested access to the Secure Server so that you would be up to date on these types of vulnerabilities.

If you are not a critical infrastructure facility, you might try contacting US-CERT to see if you can get access, I understand that they have liberalized their rules about who they will give access. They are certainly willing to talk to security researchers and system integrators.

No comments:

/* Use this with templates/template-twocol.html */