Attack

Security Advisory 981374 Released

Hi everyone, Today we released Security Advisory 981374 addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by this issue. Customers using Internet Explorer 6 or 7 should upgrade to Internet Explorer 8 immediately to benefit from the improved security features and defense in depth …

Security Advisory 981374 Released Read More »

Security Advisory 981169 Released

Hello again, Today we released Security Advisory 981169 to address the VBScript issue involving Windows Help files that we blogged about yesterday. To reiterate what we said in that post, we are not aware of any active attacks at this time and the following operating systems are not affected by this issue: Windows 7, Windows …

Security Advisory 981169 Released Read More »

Out-of-Band Security Bulletin Webcast Q&A – January 21, 2010

  Hosts:             Adrian Stone, Senior Security Program Manager Lead                           Jerry Bryant, Senior Security Communications Manager Lead Website:       TechNet/security Chat Topic:    January 2010 Out-of-Band Security BulletinDate:               Thursday, January 21,  2010   Q: I understand the severity for workstaitons. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) …

Out-of-Band Security Bulletin Webcast Q&A – January 21, 2010 Read More »

Assessing risk of IE 0day vulnerability

Yesterday, the MSRC released Microsoft Security Advisory 979352 alerting customers to limited, sophisticated attacks targeting Internet Explorer 6 customers. Today, samples of that exploit were made publicly available. Before we get into the details I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect …

Assessing risk of IE 0day vulnerability Read More »

Know thy Enemy

I recently attended BlueHat for the second time and spoke about the SMS vulnerabilities Collin Mulliner and I discovered and exploited this summer. BlueHat is an interesting speaking venue because the audience consists entirely of Microsoft employees. Some people might think security researchers speaking at Microsoft is like speaking before the enemy, but that is …

Know thy Enemy Read More »

Attacking SMS

This year at BlackHat USA in Las Vegas, we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version of our talk at the upcoming BlueHat v9 conference later this month, …

Attacking SMS Read More »

Collaborating on RIA Security

Microsoft and Adobe frequently work together on security. At this year’s BlueHat, we will come together to share our security research in the area of Rich Internet Applications (RIAs). While we independently place considerable thought and effort into our respective security models, attackers often look for methods in which to combine technologies for an attack. …

Collaborating on RIA Security Read More »

Announcing BlueHat v9: Through the Looking Glass

Handle:C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos!  BlueHat v9 will take place from October 21 to 23 at the Microsoft campus in Redmond. Last year, we experimented with a day dedicated to attacks and …

Announcing BlueHat v9: Through the Looking Glass Read More »

August 2009 Bulletin Release

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note …

August 2009 Bulletin Release Read More »