Skip to main content
MSRC

2009

Results of Investigation into Holiday IIS Claim

Tuesday, December 29, 2009

We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS. What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.

New Reports of a Vulnerability in IIS

Sunday, December 27, 2009

Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable.

G’day mate, howsitgoing?

Monday, December 14, 2009

Handle: Avatar IRL: Karl Hanmore Rank: Senior Security Strategist (aka Sergeant Grunt) Likes: Getting the job done, bringing the fight to the bad guys, good single malt whiskey Dislikes: Cowards, talkers not doers, red tape, humidity G’day, or should I say howdy, y’all. As the newest member of the Microsoft EcoStrat team, I figured I would do a quick self-introduction before getting down to work.

BlueHat v9 brings the looking glass to you

Friday, December 11, 2009

Celene here from the MSRC Ecosystem Strategy Team. BlueHat v9: Through The Looking Glass ended just over a month ago and the success of the con lives on due to the outstanding training and networking between Microsoft employees, external speakers, and guests. I’m happy to say that the speaker video interviews and selected recorded presentations are now live on the BlueHat TechNet Page.

BlueHat v9 Brings the Looking Glass To You...

Friday, December 11, 2009

Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Celene here from the MSRC Ecosystem Strategy Team. BlueHat v9: Through The Looking Glass ended just over a month ago and the success of the con lives on due to the outstanding training and networking between Microsoft employees, external speakers, and guests.

December 2009 Security Bulletin Webcast

Friday, December 11, 2009

Hello again. This is Jerry Bryant letting you know that the questions and answers from the December 2009 security bulletin webcast have now been posted here. There is one question that I wanted to provide a little more information on and that references reports of KB973917 causing problems with Internet Information Services (IIS) 6.

Monthly Security Bulletin Webcast Q&A - December 2009

Friday, December 11, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: December 2009 Security Bulletins Date: Wednesday, December 9, 2009 Q: In reference to Windows Vista ** KB973565, we have machines that install this update, then reboot and uninstall the update. Is this a known problem?