Skip to main content

Month Archives: April 2008

Security at the big software vendors

Wednesday, April 30, 2008

Cesar Cerrudo of Argeniss here. I was thinking what to write about in this blog post and I decided that this would be a good opportunity to acknowledge Microsoft security efforts by highlighting Microsoft improvements, and also to compare how security is currently handled by the other big software vendors.

The Battle for the [Browser] Your PC

Monday, April 28, 2008

Hello, this is Rob Hensing. I work with the SWI team at Microsoft. One focus of my job is looking for mitigations and workarounds that we can use to protect our customers against vulnerabilities and exploits. Part of this involves testing out the mitigation technologies that we’ve baked into a lot of our products as part of the SDL process, such as buffer overflow protection like /GS, execution prevention via DEP, and address space randomization via ASLR.

Questions about Web Server Attacks

Friday, April 25, 2008

Hi there this is Bill Sisk. There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information. To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited.

Announcing: BlueHat v7!

Thursday, April 24, 2008

Hey, Andrew Cushman here. BlueHat v7 May 1st and 2nd has another great lineup of leading external security researchers and internal Microsoft engineers. This spring’s event is titled Up High, Down Low, Too Pwned and has two themes – web application insecurity and architectural security challenges. We kick it off Thursday with the exec day, then follow that on Friday with the general sessions for engineering, support and sales teams.

MSRC Blog: Microsoft Security Advisory 951306

Thursday, April 17, 2008

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (951306). This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

MS08-020 : How predictable is the DNS transaction ID?

Wednesday, April 09, 2008

Today we released MS08-020 to address a weakness in the Transaction ID (TXID) generation algorithm in the DNS client resolver. The TXID is a 16-bit entity that is primarily used as a synchronization mechanism between DNS servers/clients; in fact, you can think of it as an Initial Sequence Number (ISN) for DNS query/response exchanges.

MS08-023: Same bug, four different security bulletin ratings

Wednesday, April 09, 2008

Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in a Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit works, see the excellent three-part series (1, 2, 3) from early February in this blog.

MS08-025: Win32k vulnerabilities

Wednesday, April 09, 2008

MS08-025 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector we are aware of. One of these vulnerabilities deals on how we can bypass some of the ProbeForWrite and ProbeForRead checks when using user supplied memory pointers.