Attack Vector

MS09-029: Vulnerabilities in the EOT parsing engine

Today we released MS09-029, which addresses vulnerabilities related to EOT font files. To answer a few commonly asked questions, here is a brief FAQ regarding the update:

Q: What is the EOT file format?
A: EOT stands for Embedded OpenType Font. EOT support in Microsoft applications has existed for many years. It allows the fonts used …


Prioritizing the deployment of the April security bulletins

We just released eight security bulletins, five of which are rated Critical on at least one platform. We built a reference table of bulletin severity rating, exploitability index rating, and attack vectors. This table is sorted first by bulletin severity, next by exploitability index rating, and then by bulletin number. We hope it helps you …


MS09-014: Addressing the Safari Carpet Bomb vulnerability

Following up on Security Advisory 953818, today we released MS09-014, rated as Moderate, which addresses aspects of the Safari Carpet Bomb vulnerability. On a Windows operating system this vulnerability allows an attacker, through Safari, to drop arbitrary files on a user’s desktop. As of Safari 3.1.2 Apple has removed this behavior from Safari. Why is …


MS09-012: Fixing “Token Kidnapping”

This morning we released MS09-012, an update to address the publicly-disclosed issue commonly referred to as Token Kidnapping (http://www.argeniss.com/research/TokenKidnapping.pdf). This vulnerability allows escalation from the Network Service account to the Local System account. Normally malicious users are not running as Network Service, except for a very few programs like IIS, where arbitrary code can be …


State of the Union

I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I’ve found plenty of things to be excited about with security, including improved …


Why there won’t be a security update for WkImgSrv.dll

Recently, there was a public post on milw0rm (http://www.milw0rm.com/exploits/5530) about an issue in the ActiveX control of Microsoft Works 7, WkImgSrv.dll. The PoC claims that it would achieve remote code execution. The McAfee Avert Labs Blog also had a post about this (http://www.avertlabs.com/research/blog/index.php/2008/04/17/potential-microsoft-works-activex-0-day-surfaces/). At first glance the issue sounds serious, right? Upon further investigation, …


MS08-001 – The case of the missing Windows Server 2003 attack vector

Part 3 of our MS08-001 blog post series mentioned that Windows Server 2003 does not expose an attack vector to the IGMP code execution vulnerability by default. Windows XP and Vista enable UPnP (Universal Plug-and-Play), which exposes an attack vector to the vulnerable code, but Windows Server 2003 does not enable UPnP. As a …
