Skip to main content
MSRC

Month Archives: March 2008

Processing Power to the People

Monday, March 31, 2008

Hey everyone, h1kari here. Katie invited me to do a guest post on the BlueHat blog and so I thought I’d rant a little bit on some ideas I’ve had with how crypto best-practices relate to other areas of security that may hit closer to home for you guys. My current interests are in finding areas of computing that would be a lot more useful if they could only be run faster, so I’d like to hear from you about your experiences and what takes up all the idle time on your processors.

Read More

Saddle up for Web App Security, or XSSive Force

Monday, March 24, 2008

Bryan Sullivan here, making a guest appearance here away from my usual home on the SDL blog. It’s great to see BlueHat showing some love to the Web app sec community. I’m thrilled that BH is expanding on its tradition of inviting some of the best and brightest Web app sec minds by dedicating the entire morning to layer 7 issues.

Read More

UPDATE: MSRC Blog: Microsoft Security Advisory (950627)

Monday, March 24, 2008

Hi there, This is Mike of the MSRC, The case of the MDB attack vector The MSRC on Friday afternoon posted an advisory about limited, targeted attacks using JET database files, commonly referenced as file type MDB. Many of you probably remember that MDB files are on the unsafe file type list (http://support.

Read More

MSRC Blog: Microsoft Security Advisory (950627)

Friday, March 21, 2008

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (950627). This advisory contains information about a very limited, targeted attack exploiting a vulnerability in Microsoft Jet Database Engine. Our initial investigation has shown that this vulnerability affects customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007 and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

Read More

March 2008 MS08-014 Re-release

Wednesday, March 19, 2008

Hello, this is Tim Rains. Very quickly, I wanted to let you know that we’ve just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only. The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function).

Read More

Going big and going home, or Your r00ts are showing.

Thursday, March 13, 2008

Welcome back to the BlueHat blog! Tuesday afternoon, as the taxi carrying Bruce Dang, Dave Dittrich, and I hurtled hurly-burly from Logan airport, I could almost hear my own “welcome back” to my home town of Boston. This was a homecoming heralded by screeching taxi brakes as we popped the most awesome (though surely less than legal) U-turn on Mem Drive into the driveway of the conference hotel hosting SOURCE Boston.

Read More

Update: March 2008 Monthly Release

Thursday, March 13, 2008

Bill here. I wanted to let you know that we have updated bulletin MS08-014 to provide additional information on a newly identified issue that causes Microsoft Excel 2003 calculations to return an incorrect result when a Real Time Data source is used. The issue affects a specific scenario and may not affect you.

Read More