Skip to main content
MSRC

Month Archives: December 2007

Announcing the Microsoft Security Vulnerability Research and Defense Blog

Thursday, December 27, 2007

Hi everyone. This is Jonathan from the SWI team. My co-workers and I have posted technical vulnerability information a few times here on the MSRC blog. We’ll continue to contribute to the MSRC blog with technical clarifications but the bulk of our vulnerability research and defense information will be posted on a new SWI blog.

MS07-063 - The case of the insecure signature

Thursday, December 27, 2007

MS07-063 addresses a weakness in the SMBv2 message signing algorithm. SMB signing is a feature enabled by default on domain controllers to prevent man-in-the-middle attacks. As you can imagine, if an attacker on your local subnet can tamper with the SMB network traffic between your domain controller and domain-joined clients, they can cause all kind of mayhem.

MS07-065 - The case of the significant suffix

Thursday, December 27, 2007

MS07-065 fixed a vulnerability in the Message Queueing service. On Windows 2000, a remote anonymous attacker could use this vulnerability to run code as local system on unpatched machines. Windows XP added defense-in-depth hardening to disallow remote access for this service that does not need to be exposed remotely. So on Windows XP, the attacker must be logged on locally on the box.

Welcome to the new Microsoft Security Vulnerability Research and Defense blog!

Thursday, December 27, 2007

We are excited to have this outlet to share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities. You can read much more about the goals of the blog and about the SWI teams contributing to the blog in our “About” link: http://blogs.

MS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue - Automated Work-Around

Thursday, December 20, 2007

Hi, this is Kieron, the MSRC Program Manager responsible for Internet Explorer. On Tuesday we released Knowledge Base article KB946627, which highlighted a known issue with Internet Explorer 6 on Windows XP Service Pack 2 after applying MS07-069 Cumulative Security Update for Internet Explorer (942615). The article documented a workaround, which required a registry setting change.

MS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue

Tuesday, December 18, 2007

Hi, this is Kieron, the MSRC Program Manager responsible for Internet Explorer. We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615), released earlier this month. We have some information to share with you regarding the results of our investigation into these reports.