MSRC

2008

A Buddhist Monk Goes Up to a Hot Dog Vendor…

Friday, July 18, 2008

…and says “Make me one with everything.” Aside from the fact that most hot dog vendors don’t carry Tofu Pups, we’re taking this joke seriously for the next iteration of BlueHat, and giving you some attack content as well as talking about proactive defense. Coming this October, the BlueHat team will partner with the SDL team to create two full days of content, the first day focusing on new attacks and the emerging threat horizon, and the second day focusing on steps we can take as software architects, developers, testers, and maintainers to make code more secure in the first place.

Revision for MS08-037

Thursday, July 10, 2008

Hello, this is Christopher Budd. I wanted to take a moment and let you know about a revision that we’ve made to MS08-037 today. After the release of MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue.

Update 2: Microsoft Security Advisory (954960)

Thursday, July 10, 2008

Hi. Bill here. I want to let you know that customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960. The update does not correctly elevate privileges, which are required for the installation to complete.

Update: Microsoft Security Advisory 954960

Wednesday, July 09, 2008

Hi. Bill here. I want to let you know that we updated Microsoft Security Advisory 954960, which contains information regarding deployment issues with Microsoft Windows Server Update Services (WSUS) version 3.0 and 3.0 Service Pack 1. Under specific conditions, the issue does not let clients detect any updates from a WSUS server on systems with Microsoft Office 2003 installed.

MS08-037 : More entropy for the DNS resolver

Tuesday, July 08, 2008

We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry. Increasing the entropy makes it more difficult for attackers to spoof DNS replies. Today, we released MS08-037 to further increase the difficulty of spoofing DNS transactions.

MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

Tuesday, July 08, 2008

Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component. While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk. We’d like to explain a little more about the vulnerability so that you can determine whether you or your organization are at risk.

MS08-040: How to spot MTF files crossing network boundary

Tuesday, July 08, 2008

Today we released MS08-040 to patch several vulnerabilities in the SQL Server Database Engine; one of them involves the SQL Server backup file format. The format is also known as MTF (Microsoft Tape Format). The vulnerability requires an attacker to be able to force the SQL Server to load a malicious MTF file from the local drive or from the network.

MSRC Blog: Microsoft Security Advisory 953635

Tuesday, July 08, 2008

Hello, Bill here. I wanted to let you know that we have just posted Microsoft Security Advisory (953635). This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only.