あなたのPCは大丈夫? (CHECK PC!)
Wednesday, January 16, 2008
小野寺です。 今日から CHECK PC! の本年度版が始まったみたいです。今年は、「上戸彩」さんがイメージキャラクター
Month Archives: January 2008
MSRC Blog: Security Advisory 947563
Tuesday, January 15, 2008
Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (947563). This advisory contains information about a targeted attack exploiting a vulnerability in Microsoft Office Excel. Our investigation has shown that this vulnerability affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac.
MS08-001 - The case of the missing Windows Server 2003 attack vector
Thursday, January 10, 2008
Part 3 of our MS08-001 blog post series mentioned that Windows Server 2003 does not expose an attack vector to the vulnerable IGMP code execution vulnerability by default. Windows XP and Vista enable UPnP (Universal Plug-and-Play) which exposes an attack vector to the vulnerable code but Windows Server 2003 does not enable UPnP.
1 月のワンポイントセキュリティ (正月バージョン)
Wednesday, January 09, 2008
小野寺です。 12 月のワンポイントセキュリティを公開しました。 Video: Security Updates This Month - January 2008 soapbox 版ではない、フルサイズ版
2008年1月のセキュリティリリース & Podcasting
Tuesday, January 08, 2008
小野寺です 今年最初のセキュリティ情報の公開は、事前通知でお伝えした通り緊急 1 件、重要 1 件の計 2 件です
January 2008 Monthly Release
Tuesday, January 08, 2008
Happy New Year! I hope 2008 is off to a wonderful start for you! This is Tami Gallupe, MSRC Release Manager, and we’re starting off the year here in MSRC-land with the release of two bulletins and a security advisory. The first bulletin, MS08-001, addresses a vulnerability in TCP(IP)/IGMP that could allow remote code execution.
MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities
Tuesday, January 08, 2008
Security bulletin MS08-001 addresses vulnerabilities described by two separate CVE numbers, as you can see in the bulletin. This post provides an overview of the two issues, the affected platforms and notes on the severity. We’ll be following this post up with two further entries that look at each issue in more detail.
MS08-001 (part 2) – The case of the Moderate ICMP mitigations
Tuesday, January 08, 2008
This is the second post in the three-part series covering MS08-001. In this post we’ll look at the ICMP vulnerability (CVE-2007-0066) in more detail. This vulnerability is caused by Windows TCP/IP’s handling of the ICMP protocol, specifically regarding router advertisement messages. This post covers the mitigating factors for this vulnerability in more detail.
MS08-001 (part 3) – The case of the IGMP network critical
Tuesday, January 08, 2008
This is the final post in the three-part series covering MS08-001. In this post we’ll look at the IGMP vulnerability (CVE-2007-0069) and why we think successful exploitation for remote code execution is not likely. This vulnerability is around Windows’ handling of the IGMP and MLD protocols. These two protocols are used to control multicast traffic over IPv4 and IPv6 networks, enabling hosts to advertise their intention to send & receive multicast traffic.