“Cybersecurity vendors, software providers, and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes that must be addressed, often immediately,” said Yotam Perkal, director of vulnerability research at Rezilion. The CLI tool helps researchers and developers quickly know if their containers and hosts are impacted by a specific vulnerability to shorten the attack window and create an effective remediation plan.
Vulnerability software platform firm Rezilion on August 12 announced the availability of its new open-source tool MI-X from the GitHub repository. New Open-Source Tool Helps Devs Spot Exploits Let’s get caught up on the latest open-source software industry news. But no apology was rendered for BitLocker locking out Linux users. Meanwhile, Microsoft apologized to open-source software devs. SymCrypt is the core cryptographic library in Windows and it uses AVX instructions featured on the latest Intel and AMD processors, especially the server-grade ones.As IT workers continue their daunting job of protecting network users from bad guys, a few new tools might help stem the tide of vulnerabilities that continue to link open source and proprietary software.Ĭanonical and Microsoft reached a new agreement to make their two cloud platforms play nicer together. The data integrity vulnerability was caused by the addition of new code paths to the Windows 11 (original release) and Windows Server 2022 versions of SymCrypt to take advantage of VAES instructions.
Performance issues should be fixed with the installation of the Jpreview or the Jsecurity release. Enterprise customers may also experience slower disk throughput. However, these updates apparently slow down CPU performance by up to 2x in applications like Bitlocker and Transport Layer Security load balancers. This issue is fixed with the preview release and the Jsecurity release. Intel’s Alder Lake and upcoming Raptor Lake are partially affected as the platforms do not officially support VAES, but the feature can be enabled through custom BIOS firmware. Affected processors that could be susceptible to data damage include Intel’s Ice Lake, Tiger Lake, Ice Lake-SP and Sapphire Rapids-SP models, while AMD’s affected models include the Ryzen 5000, Ryzen 5000X3D, EPYC Milan, EPYC Milan-X and EPYC Genoa, plus the upcoming Zen 4 processors.
Micorosft recently identified a data integrity vulnerability that impacts Windows 11 / Windows Server 2022 devices supporting the newest Vector Advanced Encryption Standard (AES) (VAES) instruction.
0 kommentar(er)
