Skip to main content
MSRC

2008

Security Advisory 953818 Posted

Friday, May 30, 2008

Hi, This is Tim Rains. Very quickly, I wanted to let you know that we’ve just posted Microsoft Security Advisory 953818. This security advisory talks about new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari web browser for Windows has been installed.

Read More

SQL Injection Attack

Thursday, May 29, 2008

(Special thanks to Neil Carpenter for helping out on this blog post) Recent Trends Beginning late last year, a number of websites were defaced to include malicious HTML <script> tags in text that was stored in a SQL database and used to generate dynamic web pages. These attacks began to accelerate in the first quarter of 2008 and are continuing to affect vulnerable web applications.

Read More

May 2008 Monthly Release

Tuesday, May 13, 2008

This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.

Read More

MS08-026: How to prevent Word from loading RTF files

Tuesday, May 13, 2008

This month we released an update for Microsoft Word that fixed issues relating to loading RTF files (CVE-2008-1091) and HTML files (CVE-2008-1434). Office applications like Microsoft Word can load a large variety of different file formats, and some people may want to reduce their attack surface by disabling the formats they don’t typically use.

Read More

"Mr. Miller Goes to Washington"

Friday, May 09, 2008

Hi, Charlie Miller here. I was asked to come out to BlueHat to participate in a panel discussion about the vulnerability economy and selling exploits and such. Hopefully the folks who sat through us arguing for an hour got something out of it. I enjoyed it. When I’m not out shining a light onto the dark world of exploit sales, I’m usually spending my time looking for bugs in software, particularly with fuzzers.

Read More