MSRC

2008

May 2008 Advance Notification

Thursday, May 08, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, May 13, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Can I interest you in a glass of Berry Blue Kool-Aid?: A Recap of BlueHat v7

Tuesday, May 06, 2008

Hello all, Nate McFeters here to give you a recap of all the fun at Microsoft BlueHat v7. If you don’t know me, I work for Ernst & Young’s Advanced Security Center and I also blog over at ZDNet’s Zero-Day Security Blog. You may have also seen me on the conference circuit, as I’ve spoken recently at such prestigious events as Black Hat and ToorCon.

Mi Casa Es Blue Casa

Monday, May 05, 2008

BlueHat is not just an event, it’s a community, a network based on relationships developed over time, an integral part of our engineering science and outreach security efforts at Microsoft. As part of the team ‘shipping’ BlueHat, I spent some time in the speaker lounge – the room where speakers, community and Microsoft folks gather and meet during the conference.

Security at the big software vendors

Wednesday, April 30, 2008

Cesar Cerrudo of Argeniss here. I was thinking what to write about in this blog post and I decided that this would be a good opportunity to acknowledge Microsoft security efforts by highlighting Microsoft improvements, and also to compare how security is currently handled by the other big software vendors.

The Battle for the [Browser] Your PC

Monday, April 28, 2008

Hello, this is Rob Hensing. I work with the SWI team at Microsoft. One focus of my job is looking for mitigations and workarounds that we can use to protect our customers against vulnerabilities and exploits. Part of this involves testing out the mitigation technologies that we’ve baked into a lot of our products as part of the SDL process, such as buffer overflow protection like /GS, execution prevention via DEP, and address space randomization via ASLR.

Questions about Web Server Attacks

Friday, April 25, 2008

Hi there, this is Bill Sisk. There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information. To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited.

Announcing: BlueHat v7!

Thursday, April 24, 2008

Hey, Andrew Cushman here. BlueHat v7 May 1st and 2nd has another great lineup of leading external security researchers and internal Microsoft engineers. This spring’s event is titled Up High, Down Low, Too Pwned and has two themes – web application insecurity and architectural security challenges. We kick it off Thursday with the exec day, then follow that on Friday with the general sessions for engineering, support and sales teams.

MSRC Blog: Microsoft Security Advisory 951306

Thursday, April 17, 2008

Hello, Bill here. I wanted to let you know that we have just posted Microsoft Security Advisory (951306). This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.