:: tell em your dog or cat got ahold of it (or it met with an accident) ::
Package arrived damaged.
HMMMMM...wasn’t it SolarWinds we were looking at a while ago - for the election???
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft
Software vendor SolarWinds failed to enable an anti-exploit mitigation available since the launch of Windows Vista 15 years ago, an oversight that made it easy for attackers to launch targeted malware attacks in July this year.
The missing mitigation was flagged by Microsoft in a post mortem of last month’s zero-day attack that hit businesses using the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP products.
Microsoft originally shipped the mitigation — called ASLR (Address Space Layout Randomization) in Windows Vista back in 2006 as part of a larger plan to make it more difficult to automate attacks against the operating system.
However, according to Microsoft’s newly minted Offensive Research & Security Engineering team, SolarWinds developers failed to enable ASLR compatibility in some modules.
“Enabling ASLR is a simple compile-time flag. [It] is a critical security mitigation for services which are exposed to untrusted remote inputs, and requires that all binaries in the process are compatible in order to be effective at preventing attackers from using hardcoded addresses in their exploits, as was possible in Serv-U,” Microsoft said. moar...