Skip to main content
MSRC

Month Archives: January 2008

XP SP3 range check hiding an overflow condition?

Tuesday, January 08, 2008

We have received a few inquiries about the full disclosure posting http://seclists.org/fulldisclosure/2007/Dec/0470.html , where a range check was added in Windows XP SP3 for the Terminal Server RPC function RpcWinStationEnumerateProcesses. The speculation stated that this change was to hide an overflow condition, potentially leading to an exploitable vulnerability in previous Windows versions.

January 2008 Advance Notification

Thursday, January 03, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, January 8, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.