Month Archives: April 2009

AutoRun changes in Windows 7

Tuesday, April 28, 2009

As some of our readers are well aware, Conficker and other malware is taking advantage of the AutoRun functionality as a spreading mechanism. Furthermore, over the last couple of months, there has been a significant increase of this threat, as more malware is abusing this functionality. Further information about this specific threat has been highlighted in the recent Security Intelligence Report (look for Win32/AutoRun) and the Microsoft Malware Protection Center (MMPC) blog.

• AutoPlay
• Autorun
• Conficker
• Windows 7

Changes in Windows to Meet Changes in Threat Landscape

Tuesday, April 28, 2009

Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it. Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment.

GWの前にやれ！

Wednesday, April 22, 2009

小野寺です。 早い方は、今週末からゴールデン ウィーク (GW) に入るのではないでしょうか？ 長～いお休みに入るに

• キャンペーン
• 啓発
• 基本
• 教育
• 時事ネタ
• 検査
• 脆弱性
• 茶柱

セキュリティ ニュースレター 4月号

Wednesday, April 22, 2009

セキュリティ ニュースレターの編集長をしています早川です。 今月のセキュリティ ニュースレターを配信しまし

• ニュースレター

Monthly Security Bulletin Webcast Q&A - April 2009

Monday, April 20, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Website: TechNet/security Chat Topic: April 2009 Security Bulletin Date: Wednesday, April 15, 2009 Q: I understand that Windows Server Update Service (WSUS) v2.0 Service Pack 1 lifecycle support ends April 2009. My question is, will WSUS v2.

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Questions and Answers - April 2009

Monday, April 20, 2009

Hi, During this month’s webcast we were able to address 15 questions in the time allotted, but have included the additional questions asked in this QA post. Most of the questions centered on the MS09-013: the Windows HTTP bulletin, MS09-014: Internet Explorer Bulletin, and MS08-015, the Blended Threat bulletin. We did address additional questions regarding the other bulletins, as well as, questions concerning Product Support Lifecycle.

• Security Update Webcast Q & A

April 2009 Security Bulletin Webcast Video

Thursday, April 16, 2009

Hello again, This is Jerry Bryant letting you know that we have published the security bulletin webcast video. As you know, on Tuesday, we published a quick overview of the 8 bulletins we released on that day. Yesterday we conducted a live, public webcast, where we went in to more detail on each bulletin.

• Video

MIDI PoC not exploitable for code execution

Thursday, April 16, 2009

On Wednesday, a PoC was posted to milw0rm describing an “integer overflow” in Windows Media Player. We investigated the .mid file and found it to be a duplicate of a non-exploitable crash previously posted publicly on Bugtraq around Christmas, four months ago. We blogged about this same issue here: http://blogs.technet.com/srd/archive/2008/12/29/windows-media-player-crash-not-exploitable-for-code-execution.aspx

• Exploitability
• Quartz.dll

2009年4月のセキュリティ情報

Tuesday, April 14, 2009

小野寺です 2009 年 4 月のセキュリティ情報は、事前通知からの変更はなく予定通り、計 8 件 (緊急 5 件、重要 2 件

• Forefront
• Malware
• SIR
• Targeted Attack
• Windows Update
• WSUS
• セキュリティ情報
• 脆弱性

2009年4月のワンポイントセキュリティ

Tuesday, April 14, 2009

小野寺です。 2009 年 4 月のワンポイントセキュリティを公開しました。 2009 年 4 月のワンポイントセキュリティ情報

• Malware
• Targeted Attack
• Vista Antivirus
• Windows Update
• セキュリティ情報
• 脆弱性