Tuesday, July 14, 2009
Today we released MS09-029, which addresses vulnerabilities related to EOT font files. To answer a few commonly asked questions, here is a brief FAQ regarding the update: Q: What is the EOT file format? A: EOT stands for Embedded OpenType Font. EOT support in Microsoft applications has existed for many years.
Tuesday, April 14, 2009
This morning we released MS09-012, an update to address the publicly-disclosed issue commonly referred to as Token Kidnapping (http://www.argeniss.com/research/TokenKidnapping.pdf). This vulnerability allows escalation from the Network Service account to the Local System account. Normally malicious users are not running as Network Service, except for a very few programs like IIS, where arbitrary code can be executed within a service running as Network Service.
Tuesday, April 14, 2009
Following up on Security Advisory 953818, today we released MS09-014, rated as Moderate, which addresses aspects of the Safari Carpet Bomb vulnerability. On a Windows operating system this vulnerability allows an attacker, through Safari, to drop arbitrary files on a user’s desktop. As of Safari 3.1.2 Apple has removed this behavior from Safari.
Tuesday, April 14, 2009
We just released eight security bulletins, five of which are rated Critical on at least one platform. We built a reference table of bulletin severity rating, exploitability index rating, and attack vectors. This table is sorted first by bulletin severity, next by exploitability index rating, and then by bulletin number. We hope it helps you choose an order of bulletins to start your prioritization and testing if you can’t deploy them all out immediately.
Thursday, October 16, 2008
I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I’ve found plenty of things to be excited about with security, including improved awareness, ~~~~enhanced vendor responsiveness to issues (although some still lag behind), increasing global awareness of security concerns, etc.
Monday, October 13, 2008
The past few days, we have had service isolation on our minds here in Redmond after the POC code posting last week from Cesar Cerrudo. Nazim Lala from the IIS team posted a great blog entry about the fix and why it is taking so long to release it. I expect it to be close to the amount of code churn as XP SP2.
Thursday, June 05, 2008
Recently, there was a public post in milw0rm (http://www.milw0rm.com/exploits/5530), talking about an issue in the ActiveX control of Microsoft Works 7 WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog also had a post about this (http://www.avertlabs.com/research/blog/index.php/2008/04/17/potential-microsoft-works-activex-0-day-surfaces/). At first glance the issue sounds serious, right?
Thursday, January 10, 2008
Part 3 of our MS08-001 blog post series mentioned that Windows Server 2003 does not expose an attack vector to the vulnerable IGMP code execution vulnerability by default. Windows XP and Vista enable UPnP (Universal Plug-and-Play) which exposes an attack vector to the vulnerable code but Windows Server 2003 does not enable UPnP.
