Steve Povolny is the Head of Advanced Threat Research for McAfee Enterprise, which delivers groundbreaking vulnerability research spanning nearly every industry. With more than a decade of experience in network security, Steve is a recognized authority on hardware and software vulnerabilities, and regularly collaborates with influencers in academia, government, law enforcement, consumers and enterprise businesses of all sizes. Steve is a sought after public speaker and media commentator who often blogs on key topics. He brings his passion for threat research and a unique vision to harness the power of collaboration between the research community and product vendors, through responsible disclosure, for the benefit of all.
Steve Povolny Blog FeedMore from Steve Povolny
Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server...
Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use
On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,...
Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack
The concept of a trail of breadcrumbs in the offensive security community is nothing new; for many years, researchers on...
McAfee ATR Launches Education-Inspired Capture the Flag Contest!
McAfee’s Advanced Threat Research team just completed its second annual capture the flag (CTF) contest for internal employees. Based on tremendous...
CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server
CVSS Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Overview Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically...
CVE-2020-16898: “Bad Neighbor”
CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack,...
Dopple-ganging up on Facial Recognition Systems
Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced...
Ripple20 Critical Vulnerabilities – Detection Logic and Signatures
This document has been prepared by McAfee Advanced Threat Research in collaboration with JSOF who discovered and responsibly disclosed the...
What’s in the Box? Part II: Hacking the iParcelBox
Package delivery is just one of those things we take for granted these days. This is especially true in the...
SMBGhost – Analysis of CVE-2020-0796
The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over...
