Skip to main content
MSRC

Month Archives: November 2009

Security Researcher Acknowledgements for Microsoft Online Services

Tuesday, November 24, 2009

This Thursday, many people in the United States will celebrate Thanksgiving. As you probably all know, this is traditionally seen as a time to express gratitude. Well, yesterday, we updated our “Security Researcher Acknowledgments for Microsoft Online Services” page to publicly say “thank-you” to researchers that reported issues in our online services to us for the month of October.

Ahn-young-ha-seh-yo & Kon-ni-chi-wa

Monday, November 23, 2009

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hi! It’s been a while since I’ve had a chance to blog about all the things we have been doing here.

Microsoft Security Advisory 977981 Released

Monday, November 23, 2009

We just released Security Advisory 977981 concerning an issue affecting Internet Explorer 6 and Internet Explorer 7 that could lead to remote code execution. At this time, we are not aware of any active attacks seeking to use this vulnerability. Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution.

SEHOP per-process opt-in support in Windows 7

Friday, November 20, 2009

In a previous blog post we discussed the technical details of Structured Exception Handler Overwrite Protection (SEHOP) which is an exploit mitigation feature that was first introduced in Windows Vista SP1 and Windows Server 2008 RTM. SEHOP prevents attackers from being able to use the Structured Exception Handler (SEH) overwrite exploitation technique when attempting to exploit certain types of software vulnerabilities.

Microsoft Security Advisory 977544 Released

Friday, November 13, 2009

Today we released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects Windows 7 and Windows Server 2008 R2. Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected.

November 2009 Security Bulletin Webcast

Friday, November 13, 2009

Hello. This is Jerry Bryant letting you know that the questions and answers from our November Security Bulletin webcast have been posted and the video from the webcast is below. We did not get very many questions this month and the ones we did get covered various topics and were not focused in one particular area.

Monthly Security Bulletin Webcast Q&A - November 2009

Thursday, November 12, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: November 2009 Security Bulletin Date: Wednesday, November 11, 2009** Q: It looks like MS09-063 is only vulnerable to attacks via the local subnet, so is a Vista computer connected via Wi-Fi with the network configured as public, vulnerable?