Attack

心の会合: The Gathering

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Konnichiwa! I guess you are wondering why I said hello in Japanese. I have just recently returned from attending …

心の会合: The Gathering Read More »

New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll

We are aware of active attacks exploiting a remote code execution vulnerability in Microsoft’s MPEG2TuneRequest ActiveX Control Object. We have released advisory 972890 providing guidance to help our customers stay protected. In this blog post, we’d like to go into more detail to help you understand this issue. What’s the attack vector? (i.e. How could …

New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll Read More »

Securing our Legacy

Hi, this is Scott Stender from iSEC Partners. I recently had the privilege of speaking at Microsoft’s BlueHat event in Brussels on the topic of securing legacy systems. With all of the recent coverage on the need to secure our networked systems — national, corporate, and individual alike — I felt that the BlueHat event …

Securing our Legacy Read More »

A Brussels retrospective from Oahu

Handle:Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change – the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos Aloha from the Shakacon III, a security conference held each year in lovely Honolulu, Hawaii! Although I’m currently in …

A Brussels retrospective from Oahu Read More »

Announcing the BlueHat Security Forum: EU Edition

Handle:C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Hey folks! I know this is typically the time of year when birds are chirping, the rain is supposed to be letting up, and those of you …

Announcing the BlueHat Security Forum: EU Edition Read More »

Investigating the new PowerPoint issue

This afternoon, we posted Security Advisory 969136 describing a new vulnerability in PowerPoint while parsing the legacy binary file format. Unfortunately, we discovered this vulnerability being used to deploy malware in targeted attacks. We expect this blog post will: Help you protect your organization from being exploited, and Help you analyze suspicious PowerPoint files. The …

Investigating the new PowerPoint issue Read More »

Good Things Come in Blue Packages

Hello everyone, Celene Temkin here from the MSRC Ecosystem Strategy Team. BlueHat v8: C3P0wned ended a month ago and the success of the con lives on in the outstanding training and networking done between Microsoft employees and external speakers and guests. I’m happy to say the speaker video interviews, podcasts, anecdotes and archives are live …

Good Things Come in Blue Packages Read More »