Mitigations

MS08-043 : How to prevent this information disclosure vulnerability

In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to a remote data source and …


MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control

MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first heard about this vulnerability from customers sending in reports …


Why there won’t be a security update for WkImgSrv.dll

Recently, there was a public post on milw0rm (http://www.milw0rm.com/exploits/5530) about an issue in the Microsoft Works 7 ActiveX control WkImgSrv.dll. The PoC claims to achieve remote code execution. The McAfee Avert Labs Blog also had a post about this (http://www.avertlabs.com/research/blog/index.php/2008/04/17/potential-microsoft-works-activex-0-day-surfaces/). At first glance the issue sounds serious, right? Upon further investigation, …


MS08-015: Protocol Handler and its Default Security Zone

MS08-015, CVE-2008-0110, addresses a vulnerability in Microsoft Outlook’s implementation of “mailto” URI handling. The attack can be launched via IE or other applications which invoke the “mailto” protocol. Applications can register pluggable protocol handlers to handle a custom Uniform Resource Locator (URL) protocol scheme. Here “mailto” is one example of the various protocol handlers that …


MS08-001 (part 2) – The case of the Moderate ICMP mitigations

This is the second post in the three-part series covering MS08-001. In this post we’ll look at the ICMP vulnerability (CVE-2007-0066) in more detail. This vulnerability is caused by Windows TCP/IP’s handling of the ICMP protocol, specifically regarding router advertisement messages. This post covers the mitigating factors for this vulnerability in more detail. Technical description …


MS07-065 – The case of the significant suffix

MS07-065 fixed a vulnerability in the Message Queueing service. On Windows 2000, a remote anonymous attacker could use this vulnerability to run code as local system on unpatched machines. Windows XP added defense-in-depth hardening to disallow remote access for this service that does not need to be exposed remotely. So on Windows XP, the attacker …
