Monday, March 16, 2009
The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail about how GS works, so it may be helpful to refer to these MSDN articles for an overview and loads of detail on how GS works and what a GS cookie is.
Monday, March 16, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Steve Adegbite, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: March 2009 Security Bulletin Date: Wednesday, March 11, 2009 Q: The Bulletin Summary received yesterday indicated all MS09-008 vulnerabilities were set to Exploitability Level 2. When did this change and why?
Monday, March 16, 2009
Hi, During this month’s webcast we were able to address 18 questions in the time allotted. Most of the questions centered on the MS09-008, the DNS and WINS Server bulletin. We did address some additional questions regarding MS09-006, the Windows kernel bulletin, and the Malicious Software Removal Tool (MSRT). Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:
Friday, March 13, 2009
Hi Bill here, You may have seen reports regarding the effectiveness of Microsoft Security Bulletin MS09-008. I wanted to let everyone know that we have thoroughly reviewed these reports, and customers who’ve deployed this update are protected from the four vulnerabilities outlined in the bulletin. We’ve also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the Security Update addresses them.
Friday, March 13, 2009
After releasing security update MS09-008, we received a number of questions on the WPAD issue (CVE-2009-0093) addressed in the update. There are claims that this update is ineffective. Let me be clear that this update will protect you and it should be deployed as soon as possible. Below is an overview on how the complete security update helps protect a system.
Thursday, March 12, 2009
Hey everyone, Jerry Bryant here. I am back with the videos from yesterday’s security bulletin webcast. We got great responses to the overview video we posted on Tuesday. To compliment that, the videos below go in to more detail on each bulletin and the exploitability index. As always, please plan to attend our monthly security bulletin webcast live if you can as we staff those with subject matter experts to answer the questions you have about the bulletins we released.
Wednesday, March 11, 2009
As the newest member to the EcoStrat Team, I guess I will start with the basics. I am Adrian Stone. I have now been in the Microsoft Security Response Center (MSRC) almost four years. My current job you ask? I work to make sense of the random and controlled chaos that is the MSRC.
Tuesday, March 10, 2009
小野寺です。 少し前になりますが、Jeff Jones が、主な 4 つのデスクトップ OS を調査して、脆弱性の対応状況等
Tuesday, March 10, 2009
小野寺です 2009 年 3 月のセキュリティ情報は、事前通知からの変更はなく予定通り、計 3 件 (緊急 1 件、重要 2 件
Tuesday, March 10, 2009
小野寺です。 2009 年 3 月のワンポイントセキュリティを公開しました。 2009 年 3 月のワンポイントセキュリティ情報
