Skip to main content
MSRC

Month Archives: June 2009

Securing our Legacy

Friday, June 19, 2009

Hi, this is Scott Stender from iSEC Partners. I recently had the privilege of speaking at Microsoft’s BlueHat event in Brussels on the topic of securing legacy systems. With all of the recent coverage on the need to secure our networked systems – national, corporate, and individual alike – I felt that the BlueHat event was a good time to shine the spotlight on those little-loved, perhaps little-known systems that keep our plugged-in society working.

Stainless steel bridge

Monday, June 15, 2009

Hi! Manuel Caballero here. I had the pleasure of penetration testing (pen-testing) the previous versions of Microsoft Silverlight, and now, for the last three weeks, I’ve been playing around with the beta version of Silverlight 3. When I say, “the pleasure”, I really mean it. Playing with Silverlight means to play with a plug-in that, from a security point of view, was born being already mature.

Monthly Security Bulletin Webcast Q&A - June 2009

Friday, June 12, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: June 2009 Security Bulletin Date: Wednesday, June 10, 2009 Q: For security update for Microsoft Excel 2000 ( KB969683), is Microsoft Office Excel 2000 Service Pack 3 the only version that is vulnerable, or is that the only version of Office that is supported and therefore the only one that the security update will work for?

Security Bulletin Webcast Video, Questions and Answers – June 2009

Friday, June 12, 2009

During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third party products that utilize RPC in Windows, customers wanted to know if there is a way to tell if their third party product was vulnerable.

Understanding DEP as a mitigation technology part 2

Friday, June 12, 2009

In our previous blog post, we explained how DEP works and how to determine if / how a process opted-in to DEP. Now we will demonstrate how DEP can be used to mitigate the risk of a real-world attack. We published a security advisory in February describing an Excel vulnerability in fully-patched Excel being used in limited targeted attacks.

A Brussels retrospective from Oahu

Thursday, June 11, 2009

** Handle:** Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos Aloha from the Shakacon III, a security conference held each year in lovely Honolulu, Hawaii!