Skip to main content
MSRC

2009

GS cookie protection – effectiveness and limitations

Monday, March 16, 2009

The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail about how GS works, so it may be helpful to refer to these MSDN articles for an overview and loads of detail on how GS works and what a GS cookie is.

Monthly Security Bulletin Webcast Q&A - March 2009

Monday, March 16, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Steve Adegbite, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: March 2009 Security Bulletin Date: Wednesday, March 11, 2009 Q: The Bulletin Summary received yesterday indicated all MS09-008 vulnerabilities were set to Exploitability Level 2. When did this change and why?

Security Bulletin Webcast Questions and Answers - March 2009

Monday, March 16, 2009

Hi, During this month’s webcast we were able to address 18 questions in the time allotted. Most of the questions centered on the MS09-008, the DNS and WINS Server bulletin. We did address some additional questions regarding MS09-006, the Windows kernel bulletin, and the Malicious Software Removal Tool (MSRT). Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

MS09-008 Protection

Friday, March 13, 2009

Hi Bill here, You may have seen reports regarding the effectiveness of Microsoft Security Bulletin MS09-008. I wanted to let everyone know that we have thoroughly reviewed these reports, and customers who’ve deployed this update are protected from the four vulnerabilities outlined in the bulletin. We’ve also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the Security Update addresses them.

March 2009 Security Bulletin Webcast Videos

Thursday, March 12, 2009

Hey everyone, Jerry Bryant here. I am back with the videos from yesterday’s security bulletin webcast. We got great responses to the overview video we posted on Tuesday. To compliment that, the videos below go in to more detail on each bulletin and the exploitability index. As always, please plan to attend our monthly security bulletin webcast live if you can as we staff those with subject matter experts to answer the questions you have about the bulletins we released.