Skip to main content

Month Archives: August 2008

The Valley Between Black & Blue

Thursday, August 21, 2008

Handle: C-Lizzle IRL: Celene Temkin Rank: BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! I affectionately call this time between summer conferences, the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference shipping and planning cycles.

IE 8 XSS Filter Architecture / Implementation

Tuesday, August 19, 2008

Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.

Monthly Security Bulletin Webcast Q&A - August, 2008

Friday, August 15, 2008

Register now for the September 2008 Security Bulletin Webcast. Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: August 2008 Security Bulletin Date: Wednesday, August 13, 2008 Q: Have you had any reports of exploitation of the recent DNS vulnerability, since Dan Kaminsky released details at Defcon last week?

Security Bulletin Webcast Questions & Answers - August 2008

Friday, August 15, 2008

Hi, During this month’s webcast we were able to address 15 questions in the time allotted. There were several questions regarding ActiveX for the Cumulative IE Update (MS08-045), the Access Snapshot Viewer (MS08-041), Outlook Express Messenger (MS08-050) and the ActiveX Kill bits Security Advisory. We also fielded several questions around various deployment tools used for updating and we addressed some questions about the IPSec Update (MS08-047).


Thursday, August 14, 2008

The sniper Normal fuzzing is like shooting a machine gun in the dark and having no idea where the target is. You might hit the target a number of times, but you also miss an awful lot, and it takes a lot of rounds. Using targeted fuzzing, on the other hand, is a bit like a sniper observing the targets and picking them off one by one.

MS08-049 : When kind of authentication is needed?

Wednesday, August 13, 2008

MS08-049 is an update for the Windows Event System service to correct an authenticated elevation-of-privilege vulnerability. We received a question via email yesterday about the type of authentication needed to exploit CVE-2008-1456. Our security bulletin was a little ambiguous with one reference to “logon credentials” and another to “domain credentials”. The email question was from an IT security manager who wondered whether his hardened servers could be compromised remotely.

August 2008 Monthly Bulletin Release

Tuesday, August 12, 2008

Hello again! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our August 2008 Bulletins. This month we released 11 bulletins, one new advisory and revised an existing advisory. We also revised four bulletins to update detection changes. Here is a brief overview of the bulletins and other content we released today.

MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control

Tuesday, August 12, 2008

MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first heard about this vulnerability from customers sending in reports of active attacks.