Thursday, April 10, 2008
小野寺です。 本日、Security Development Lifecycle (SDL) Guidance が公開されました。 http://www.microsoft.com/downloads/details.aspx?FamilyID=2412C443-27F6-4AAC-9883-F55BA5B01814&displaylang=en 思い起こせば、2001 年の頃に始まった
Wednesday, April 09, 2008
Today we released MS08-020 to address a weakness in the Transaction ID (TXID) generation algorithm in the DNS client resolver. The TXID is a 16-bit entity that is primarily used as a synchronization mechanism between DNS servers/clients; in fact, you can think of it as an Initial Sequence Number (ISN) for DNS query/response exchanges.
Wednesday, April 09, 2008
Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in a Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit works, see the excellent three-part series (1, 2, 3) from early February in this blog.
Wednesday, April 09, 2008
MS08-025 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector we are aware of. One of these vulnerabilities deals on how we can bypass some of the ProbeForWrite and ProbeForRead checks when using user supplied memory pointers.
Tuesday, April 08, 2008
小野寺です 今月は、事前通知でお伝えしていたとおり 計 8 件 (緊急 5 件, 重要 3 件)を公開しました。 今月は、
Tuesday, April 08, 2008
小野寺です。 4 月のワンポイントセキュリティを公開しました。 Video: Security Updates This Month - April 2008 soapbox 版ではない、フルサイズ版
Tuesday, April 08, 2008
April 2008 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The April 2008 release contains 8 new bulletins, 5 of which have maximum severities of “Critical”. MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Tuesday, April 08, 2008
Hello! My name is Vinnie Liu. I am a BlueHat speaker, and the Managing Director at Stach & Liu, a security consulting firm whose primary practice area includes helping organizations establish effective application security programs. A key component of every application security program is the use of tools and experts. In this post, we discuss the relative strengths and weaknesses between tools and experts, and by doing so, we also learn how these software security resources are best applied in an organization looking to become more proactive with their secure software development lifecycle.
Monday, April 07, 2008
小野寺です。 イギリスの Virus Bulletin Ltd で定期的に VB100 と呼ばれるマルウェア対策ソフトの検出能力テストが行われていま
Thursday, April 03, 2008
小野寺です 今月は、計 8 件 (緊急 5 件, 重要 3 件) の公開を予定しています。 リリース日は、週明け水曜日 (04/09) で
