Skip to main content
MSRC

2008

February 2008 Monthly Release

Tuesday, February 12, 2008

February 2008 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The February 2008 release contains 11 new bulletins, 6 of which have maximum severities of “Critical”. MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538) MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)

Read More

February 2008 Advance Notification

Thursday, February 07, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, February 12, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Read More

The Kill-Bit FAQ: Part 2 of 3

Thursday, February 07, 2008

It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the second part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 2 of 3 How do ActiveX Controls, OLE Controls, and COM Objects relate? An ActiveX control is an OLE control that is intended to be used inside a web browser.

Read More

Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer

Sunday, February 03, 2008

In early January you may have read posts on security distribution lists regarding two ActiveX Controls released by Microsoft. We have investigated those controls and fortunately, they are not exploitable since IE does not treat them as being safe. We wanted to give you some background on how to evaluate whether a potential vulnerability found in an ActiveX control is an exploitable condition in Internet Explorer.

Read More