Skip to main content
MSRC

Month Archives: October 2009

Announcing the release of the Enhanced Mitigation Evaluation Toolkit

Tuesday, October 27, 2009

UPDATE: Version 2.0 of EMET is now available. Even as you read this, people around the world are hunting for vulnerabilities in software applications. Odds are some of them will be successful. Depending on their motives and what they find, your software and systems may be put at risk. So how do you protect your software from unknown vulnerabilities that may or may not exist?

Read More

The lighter side of the cloud

Wednesday, October 21, 2009

Billy Rios here. I’m giving a talk this week along with Nate McFeters entitled, “Sharing the Cloud with Your Enemy.” It’s a fun, realistic talk on security in the cloud. Why cloud computing? Cloud computing, software as a service, infrastructure as a service, platform as a service… with so many different terms and so much hype, this cloud computing stuff can be confusing and understanding security in the cloud can be even more confusing!

Read More

October 2009 Security Bulletin Webcast Questions and Answers

Tuesday, October 20, 2009

Hi everyone. We have posted the questions and answers from the security bulletin webcast we conducted on October 14 at this link. It was clear from all of the questions concerning MS09-062 (the GDI+ update) that there is some confusion on how to apply the update when you have a combination of SQL Server and Windows 2000 clients.

Read More

Attacking SMS

Monday, October 19, 2009

This year at BlackHat USA in Las Vegas, we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version of our talk at the upcoming BlueHat v9 conference later this month, and thought the BlueHat blog readers who will not be able to attend might enjoy an overview of some key material from the presentation.

Read More

Monthly Security Bulletin Webcast Q&A - October 2009

Monday, October 19, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead** Website: TechNet/security Chat Topic: October 2009 Security Bulletin Date: Wednesday, October 14, 2009 Q: In reference to MS09-053, are all Internet Information Services (IIS) servers affected or only IIS servers running File Transfer Protocol (FTP)?

Read More