Skip to main content
MSRC

Month Archives: March 2008

March 2008 Monthly Release

Tuesday, March 11, 2008

Wow! It is already the 2nd Tuesday of the month, and with it comes the announcement of some new bulletins! This is Tami Gallupe, MSRC Release Manager, and I just wanted to let you know that we just posted our March 2008 Bulletins. We released four bulletins today, all are for Office and all have a maximum severity rating of Critical.

Read More

MS08-014 : The Case of the Uninitialized Stack Variable Vulnerability

Tuesday, March 11, 2008

MS08-014, CVE 2008-0081, addresses a vulnerability in Excel whose root cause is an uninitialized stack variable. You probably have seen these types of compiler warnings before: C:\temp>cl stack.cpp Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 15.00.21022.08 for 80x86 Copyright (C) Microsoft Corporation. All rights reserved. stack.cpp c:\temp\stack.cpp(49) : warning C4700: uninitialized local variable 'pNoInit' used .

Read More

MS08-015: Protocol Handler and its Default Security Zone

Tuesday, March 11, 2008

MS08-015, CVE-2008-0110, addresses a vulnerability in Microsoft Outlook’s implementation of “mailto” URI handling. The attack can be launched via IE or other applications which invoke the “mailto” protocol. Applications can register pluggable protocol handlers to handle a custom Uniform Resource Locator (URL) protocol scheme. Here “mailto” is one example of the various protocol handles that can be registered.

Read More

March 2008 Advance Notification

Thursday, March 06, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, March 11, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Read More