MSRC

Workarounds

More information about the new Excel vulnerability

Tuesday, February 24, 2009

This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment.

Office 2007 being targeted

The current attacks we have seen target users of Office 2007 running an earlier version of Windows (Windows 2000, XP, 2003).

More information about the SQL stored procedure vulnerability

Monday, December 22, 2008

Security Advisory 961040 provides mitigations and workarounds for a newly-public post-authentication heap buffer overrun in SQL Server, MSDE, and SQL Express. This blog post goes into more detail about the attack surface for each affected version and the overall risk from this vulnerability. As listed in the advisory, the following products have the vulnerable code:

Clarification on the various workarounds from the recent IE advisory

Friday, December 12, 2008

Today Microsoft revised the Workarounds section of Security Advisory 961051. We wanted to share more detail about the vulnerability and explain the additional workarounds here to help you protect your computers.

Information about the vulnerability

The vulnerability is caused by memory corruption resulting from the way Internet Explorer handles DHTML Data Bindings.

MS08-068: SMB credential reflection defense

Tuesday, November 11, 2008

Today Microsoft released a security update, MS08-068, which addresses an NTLM reflection vulnerability in the SMB protocol. The vulnerability is rated Important on most operating systems, except Vista and Windows Server 2008 where it has a rating of Moderate. This blog post is intended to explain why the issue is less severe on Vista and Windows Server 2008, and provide some additional details to help people determine the risk they face in their environment.

Most common questions that we've been asked regarding MS08-067

Saturday, October 25, 2008

Since the release, we have received several great questions regarding MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx), so we decided to compile answers to them. We still want to encourage everyone to apply the update. Can the vulnerability be reached through RPC over HTTP? No, the vulnerability cannot be reached through RPC over HTTP. RPC over HTTP is an end-to-end protocol that has three roles: client, proxy and server.

More detail about MS08-067, the out-of-band netapi32.dll security update

Thursday, October 23, 2008

Today Microsoft released a security update that fixes a remote code execution vulnerability in the Windows Server Service. This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released the fix “out of band” (not on the regular Patch Tuesday).

MS08-059: Running Microsoft Host Integration Server 2006 as non-admin

Tuesday, October 14, 2008

Microsoft Host Integration Server 2006 is an interesting product. It allows developers to manage business processes on IBM mainframe and AS/400 ("big iron") servers as XML web services. You can find a free trial version available for download at http://www.microsoft.com/hiserver/downloads/default.mspx. Unfortunately, access to the management interface was not properly locked down. MS08-059 is an update for Microsoft Host Integration Server 2006 that secures the SNA RPC service interface.

MS08-052: Explaining the Windows Side-By-Side Cache

Tuesday, September 09, 2008

You may have noticed that the MS08-052 bulletin has a workaround that’s a little different than you’re probably used to seeing in our bulletins. That’s because gdiplus.dll, on all OSes after Windows 2000, is stored in something called the Windows Side By Side Cache (WinSxS). The purpose of the WinSxS cache is to keep old versions of assemblies around in case an application requires a specific version, and doesn’t want newer versions.