2010 | Microsoft Security Response Center

MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Tuesday, June 08, 2010

Today we released a security update rated Important for CVE-2010-1255 in MS10-032. This vulnerability affects the win32k.sys driver. This blog post provides more information about this vulnerability that can help with prioritizing the deployment of updates this month. What’s the risk? A local attacker could write a custom user-mode attack application that passes a bad buffer to win32k.

MS10-035: Cross-Domain Information Disclosure Vulnerability

Tuesday, June 08, 2010

Today we released MS10-035, a security update with an Important severity update, addressing CVE-2010-0255. We’d like to talk briefly about that specific vulnerability and how we’ve addressed it. Background information This issue primarily impacts Internet Explorer running on Windows XP. Attacks against Internet Explorer running on Windows Vista and newer platforms are mitigated by Internet Explorer Protected Mode.

MS10-041: XML Signature HMAC Truncation Bypass Vulnerability

Tuesday, June 08, 2010

Today we released MS10-041 addressing an issue in the implementation of the XML signature functionality in the .NET Framework with an Important severity rating. We’d like to shed more light on that case here. Am I at risk? No Microsoft products are subject to this vulnerability. However, .NET applications that use the System.

2010年6月9日のセキュリティリリース予定 (月例)

Thursday, June 03, 2010

2010 年 6 月 9 日に予定している月例のセキュリティリリースについてのお知らせです。公開を予定しているセキュ

June 2010 Security Bulletin Advance Notification

Thursday, June 03, 2010

Hi everyone, Today we published our advance notification for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities. Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important. Two bulletins, both with a severity rating of Important, affect Microsoft Office.

Security Wars: エピソード 2 - 2-3. パトリオットハッカーの犯罪に対する処罰

Wednesday, June 02, 2010

Security Wars を更新しました。 Security Wars: エピソード 2 - 2-3. パトリオットハッカーの犯罪に対する処罰 http://technet.microsoft.com/ja-jp/security/ff720102.aspx 愛国的な行動と称して

SDL: セキュリティデベロップメントサイクル＠INTEROP

Monday, May 31, 2010

色々な機会に紹介させていただいている SDL:セキュリティデベロップメントライフサイクルですが、来週開

Microsoft Security Essentials を騙るマルウェアに注意

Wednesday, May 26, 2010

最近、マイクロソフト製の無償マルウェア対策ソフトである Microsoft Security Essentials (MSE) を装った “Security Essentials 2010”

Office Security Engineering: BlueHat v9 Presentation Revisited

Friday, May 21, 2010

Hi, this is Tom Gallagher from the Office Trustworthy Computing team. At Blue Hat v9, David Conger and I presented some of the security engineering work that we were doing to help ensure the security of Office 2010. We don’t want a single bug in our parsing code to allow arbitrary code to harm a customer’s machine by doing things like installing a rootkit.

Strengthening the Security Cooperation Program

Tuesday, May 18, 2010

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run G’day Mate! I have always wanted to say that. I am here at the AusCERT 2010 conference in the beautiful Gold coast, Australia.