Attack

Update on Security Advisory 981374

Hi everyone, I’m writing to let you know that we have updated Security Advisory 981374 with new workaround information. We are aware that exploit code has been made public for this issue. As with our last update, Internet Explorer 8 remains unaffected by the vulnerability addressed in the advisory and we continue to encourage all …

Update on Security Advisory 981374 Read More »

Who Gets It and Who Doesn’t? (Windows Genuine Advantage and Security Updates)

Handle:Mando Picker IRL: Dustin Childs Rank: Security Program Manager Likes: Protecting customers, working with security researchers, second Tuesdays, bourbon, mandolins Dislikes: Using “It’s hard” as an excuse, quitting when it gets tough, banjos One of the things I get to do in the Microsoft Security Response Center (MSRC) is talk to our customers and tell …

Who Gets It and Who Doesn’t? (Windows Genuine Advantage and Security Updates) Read More »

Security Advisory 981374 Released

Hi everyone, Today we released Security Advisory 981374 addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by this issue. Customers using Internet Explorer 6 or 7 should upgrade to Internet Explorer 8 immediately to benefit from the improved security features and defense in depth …

Security Advisory 981374 Released Read More »

Security Advisory 981169 Released

Hello again, Today we released Security Advisory 981169 to address the VBScript issue involving Windows Help files that we blogged about yesterday. To reiterate what we said in that post, we are not aware of any active attacks at this time and the following operating systems are not affected by this issue: Windows 7, Windows …

Security Advisory 981169 Released Read More »

Out-of-Band Security Bulletin Webcast Q&A – January 21, 2010

  Hosts:             Adrian Stone, Senior Security Program Manager Lead                           Jerry Bryant, Senior Security Communications Manager Lead Website:       TechNet/security Chat Topic:    January 2010 Out-of-Band Security BulletinDate:               Thursday, January 21,  2010   Q: I understand the severity for workstaitons. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) …

Out-of-Band Security Bulletin Webcast Q&A – January 21, 2010 Read More »

Assessing risk of IE 0day vulnerability

Yesterday, the MSRC released Microsoft Security Advisory 979352 alerting customers to limited, sophisticated attacks targeting Internet Explorer 6 customers. Today, samples of that exploit were made publicly available. Before we get into the details I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect …

Assessing risk of IE 0day vulnerability Read More »

Know thy Enemy

I recently attended BlueHat for the second time and spoke about the SMS vulnerabilities Collin Mulliner and I discovered and exploited this summer. BlueHat is an interesting speaking venue because the audience consists entirely of Microsoft employees. Some people might think security researchers speaking at Microsoft is like speaking before the enemy, but that is …

Know thy Enemy Read More »

Attacking SMS

This year at BlackHat USA in Las Vegas, we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version of our talk at the upcoming BlueHat v9 conference later this month, …

Attacking SMS Read More »

Collaborating on RIA Security

Microsoft and Adobe frequently work together on security. At this year’s BlueHat, we will come together to share our security research in the area of Rich Internet Applications (RIAs). While we independently place considerable thought and effort into our respective security models, attackers often look for methods in which to combine technologies for an attack. …

Collaborating on RIA Security Read More »