COM

MS08-049 : When kind of authentication is needed?

MS08-049 is an update for the Windows Event System service to correct an authenticated elevation-of-privilege vulnerability. We received a question via email yesterday about the type of authentication needed to exploit CVE-2008-1456. Our security bulletin was a little ambiguous with one reference to “logon credentials” and another to “domain credentials”. The email question was from …

MS08-049 : When kind of authentication is needed? Read More »

MS08-050 : Locking an ActiveX control to specific applications.

MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to take. During the extensive testing that each security update undergoes, however, it became apparent …

MS08-050 : Locking an ActiveX control to specific applications. Read More »