MSRC

Month Archives: November 2009

Details on the License Logging Service vulnerability

Tuesday, November 10, 2009

Today, we released MS09-064 which addresses a vulnerability in the License Logging Service. In this post, we provide some background on the service and the severity of the underlying vulnerability. Background: License Logging Service (LLS) is a feature that was originally designed to help customers manage licenses for Microsoft server products licensed in the Server Client Access License (CAL) model.

Font Directory Entry Parsing Vulnerability In win32k.sys

Tuesday, November 10, 2009

MS09-065 addresses a vulnerability (CVE-2009-2514) in the font parsing subsystem of win32k.sys. If not addressed, this vulnerability could allow an attacker to bluescreen (DoS) the machine (best case scenario) or run code of his/her choice, possibly in the context of the kernel (worst case scenario). In this blog entry, I’ll attempt to answer a few questions regarding the vulnerability addressed in this month’s win32k.

November 2009 Security Bulletin Release

Tuesday, November 10, 2009

Summary of Microsoft’s Security Bulletin Release for November 2009: Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk & Impact and our Deployment Priority guidance to help customers assess risk to their environments and prioritize the deployment of this month’s updates.

Vulnerability in Web Services on Devices (WSD) API

Tuesday, November 10, 2009

MS09-063 addresses a critical vulnerability (CVE-2009-2512) in the Web Services on Devices (WSD) API. Web Services on Devices allows a computer to discover and access a remote device and its associated services across a network. It supports device discovery, description, control, and eventing. The WSD API functionality is implemented in the WSDApi.

Know thy Enemy

Friday, November 06, 2009

I recently attended BlueHat for the second time and spoke about the SMS vulnerabilities Collin Mulliner and I discovered and exploited this summer. BlueHat is an interesting speaking venue because the audience consists entirely of Microsoft employees. Some people might think security researchers speaking at Microsoft is like speaking before the enemy, but that is not the case (an actual example of that would have been when I talked about exploit sales at CERT a few years ago).

November 2009 Bulletin Release Advance Notification

Thursday, November 05, 2009

Advance Notification for the November 2009 Security Bulletin Release: To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins.

Update released for MS09-054

Monday, November 02, 2009

Today we released update 976749, which addresses two issues with MS09-054 that a limited number of customers reported to us through our Customer Service and Support (CSS) group. These two issues can affect the proper display of web pages. For additional details, please refer to Microsoft Knowledge Base article 976749.