Month of Kernel Bugs to Come

Over the river and through the wood, to the bug hunter's house we go

5:45 PM -- Remember the Month of Browser Bugs? (See Getting Buggy with the MOBB.) Well, hold on to your turkey dinner: November will be the Month of Kernel Bugs (MOKB) -- and we're not talking corn here.

A Metasploit researcher who goes only by "LMH" has decided to disclose an OS kernel bug a day starting on November 1. This is the very same LMH, who along with HD Moore and Aviv Raff, developed the eVade-o-Matic Module (VOMM) which hides browser exploit code from signature-based systems.

LMH was apparently frustrated with how OS vendors handle patching these bugs after trying to collaborate with Red Hat on bugs he found in their OS with a fuzzing tool he had developed. Anyway, LMH is asking for "fresh" bug submissions for XNU, win32, *BSD, etc., such as denial-of-service, privilege escalation, or other typical kernel bugs. LMH is also offering his fuzzing tool to help bug hunters.

But before you start your Christmas shopping, you should know that rumor has it there may even be a Month of Apple Bugs in the works by some other researchers. It may be a long, cold winter.

— Kelly Jackson Higgins, Senior Editor, Dark Reading