Tuesday, September 09, 2008
One of our blogging goals is to give you a peek “behind the scenes” into our security response process. We thought you might be interested in the story behind MS08-055, this month’s OneNote bulletin. In March, a security researcher sent in a report of an information disclosure vulnerability that affected OneNote 2007, a part of Office 2007.
Tuesday, September 09, 2008
I’m Simon, Release Manager in the MSRC. The September 2008 release contains 4 new bulletins, all with maximum severities of “Critical”. MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
Thursday, September 04, 2008
Windows Media Player は、先月公開を断念したものになります。また、Windows に関するものは、影響を受ける製品範囲
Thursday, September 04, 2008
Hi, Amit Klein from Trusteer here. Awhile ago, David Ross from Microsoft SWI contacted me and asked me if I would like to review the new Internet Explorer 8 XSS Filter. Does a chicken like to peck? ;-) Of course I volunteered. My review was conducted in a rather interesting manner.
Thursday, September 04, 2008
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, September 9, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Thursday, August 21, 2008
Handle: C-Lizzle IRL: Celene Temkin Rank: BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! I affectionately call this time between summer conferences, the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference shipping and planning cycles.
Tuesday, August 19, 2008
Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.
Friday, August 15, 2008
Register now for the September 2008 Security Bulletin Webcast. Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: August 2008 Security Bulletin Date: Wednesday, August 13, 2008 Q: Have you had any reports of exploitation of the recent DNS vulnerability, since Dan Kaminsky released details at Defcon last week?
Friday, August 15, 2008
Hi, During this month’s webcast we were able to address 15 questions in the time allotted. There were several questions regarding ActiveX for the Cumulative IE Update (MS08-045), the Access Snapshot Viewer (MS08-041), Outlook Express Messenger (MS08-050) and the ActiveX Kill bits Security Advisory. We also fielded several questions around various deployment tools used for updating and we addressed some questions about the IPSec Update (MS08-047).
Thursday, August 14, 2008
The sniper Normal fuzzing is like shooting a machine gun in the dark and having no idea where the target is. You might hit the target a number of times, but you also miss an awful lot, and it takes a lot of rounds. Using targeted fuzzing, on the other hand, is a bit like a sniper observing the targets and picking them off one by one.
