Skip to main content

Month Archives: February 2011

Notes on exploitability of the recent Windows BROWSER protocol issue

Wednesday, February 16, 2011

Earlier this week a PoC exploit for a vulnerability in the BROWSER protocol was released on Full Disclosure. There has been some discussion regarding whether this issue can result in Remote Code Execution (RCE) or is only a Denial of Service (DoS). This blog post provides details on the exploitability based on our internal analysis.

Additional Fixes in Microsoft Security Bulletins

Monday, February 14, 2011

From time to time we receive questions regarding fixes not documented in security bulletins. Some call these “silent fixes.” We hope this blog post answers those questions and helps clarify Microsoft’s process in fixing and documenting all vulnerabilities and addressing internally discovered variants. It’s important to remember the following: As part of Microsoft’s comprehensive security update process, Microsoft will address variants of reported issues.

Q&A from the February 2011 Security Bulletin Webcast

Thursday, February 10, 2011

Hello, Today we published the February Security Bulletin Webcast Questions & Answers page. We fielded 12 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, March 9th at 11am PST (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

Assessing the risk of the February security updates

Tuesday, February 08, 2011

Today we released twelve security bulletins. Three have a maximum severity rating of Critical and nine have a maximum severity rating of Important. This release addresses three publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-003(IE) Victim browses to a malicious webpage.

Deeper insight into the Security Advisory 967940 update

Tuesday, February 08, 2011

Hi! I’m Adam Shostack, a program manager working in TWC Security, and I’d like to talk a bit about today’s AutoRun update. Normally, I post over on the SDL blog, but of late I’ve been doing a lot of work in classifying and quantifying how Windows computers get compromised. One thing that popped from that analysis was the proportion of infected machines with malware that uses Autorun to propagate.