Thursday, May 28, 2009
Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? Why is this a high risk vulnerability?
Wednesday, May 27, 2009
小野寺です。 実は、Microsoft も、OneCare 以外のセキュリティ対策製品を提供していたりしま
Tuesday, May 26, 2009
The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the first version of Windows with some of these integrity checks turned on in release builds.
Wednesday, May 20, 2009
We have heard several questions from customers about the WebDAV authentication bypass issue on IIS. We wanted to post common questions and answers here to help anyone else who might have the same question. Question: Is Sharepoint vulnerable to the authentication bypass? Answer: No, Sharepoint is not vulnerable to this vulnerability.
Monday, May 18, 2009
I wanted to let you know that we have just posted Microsoft Security Advisory (971492). This advisory contains information regarding public reports of a vulnerability in Microsoft Internet Information Services (IIS) that could allow Elevation of Privilege. Products affected are IIS 5.0, IIS 5.1, and IIS 6.0. The advisory contains guidance and workarounds that customers can use to help protect themselves.
Monday, May 18, 2009
Security Advisory 971492 provides official guidance about the new IIS authentication bypass vulnerability. We’d like to go into more detail in this blog to help you understand: Am I at risk? If so, what could happen? How can I protect myself? Which IIS configurations are at risk? Only a specific IIS configuration is at risk from this vulnerability.
Friday, May 15, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Website: TechNet/security Chat Topic: May 2009 Security Bulletin Date: Wednesday, May 13, 2009 Q: Has there been any reports of KB958690causing blue screens? We have heard some info on the web and were curious if you have heard anything.
Friday, May 15, 2009
In the May 2009 security bulletin webcast, we addressed several questions relating to MS09-017 in addition to questions about WSUS and MBSA. For those questions that came in after we concluded the webcast, we have provided answers in the published Q&A which you can find here: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-May-2009.aspx Also, here is the link to the Q&A index page in case you want to view previous months:
