Skip to main content

Month Archives: May 2008

Security Advisory 953818 Posted

Friday, May 30, 2008

Hi, This is Tim Rains. Very quickly, I wanted to let you know that we’ve just posted Microsoft Security Advisory 953818. This security advisory talks about new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari web browser for Windows has been installed.

SQL Injection Attack

Thursday, May 29, 2008

(Special thanks to Neil Carpenter for helping out on this blog post) Recent Trends Beginning late last year, a number of websites were defaced to include malicious HTML <script> tags in text that was stored in a SQL database and used to generate dynamic web pages. These attacks began to accelerate in the first quarter of 2008 and are continuing to affect vulnerable web applications.

May 2008 Monthly Release

Tuesday, May 13, 2008

This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.

MS08-026: How to prevent Word from loading RTF files

Tuesday, May 13, 2008

This month we released an update for Microsoft Word that fixed issues relating to loading RTF files (CVE-2008-1091) and HTML files (CVE-2008-1434). Office applications like Microsoft Word can load a large variety of different file formats, and some people may want to reduce their attack surface by disabling the formats they don’t typically use.

"Mr. Miller Goes to Washington"

Friday, May 09, 2008

Hi, Charlie Miller here. I was asked to come out to BlueHat to participate in a panel discussion about the vulnerability economy and selling exploits and such. Hopefully the folks who sat through us arguing for an hour got something out of it. I enjoyed it. When I’m not out shining a light onto the dark world of exploit sales, I’m usually spending my time looking for bugs in software, particularly with fuzzers.

May 2008 Advance Notification

Thursday, May 08, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, May 13, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.