November 2009 Security Bulletin Webcast

Hello. This is Jerry Bryant letting you know that the questions and answers from our November Security Bulletin webcast have been posted and the video from the webcast is below.

We did not get very many questions this month and the ones we did get covered various topics and were not focused in one particular area. One very good question we received had to do with the Microsoft Word bulletin, MS09-068. The user asked if an attack could execute via the Outlook 2007 preview function. This function allows a user to preview certain document types from within Outlook as demonstrated in these screen shots:

Above: what the user sees when clicking on the attached file.

Above: what the user sees after clicking the “Preview file” button.

The answer to the question is no. The preview option does not offer an attack vector for this vulnerability.

Here is the video from the webcast where Adrian Stone and I cover the bulletins in detail:

Get Microsoft Silverlight More listening and viewing options:

Please plan to join us next month for our regularly scheduled Security Bulletin webcast which will be held on December 9 at 11:00 a.m. PDT (UTC -8). You can register now for that webcast at this link.


Jerry Bryant

*This posting is provided "AS IS" with no warranties, and confers no rights*