MSRC

swiat

Assessing the risk of the schannel.dll vulnerability (MS09-007)

Tuesday, March 10, 2009

MS09-007 resolves an issue in which an attacker may be able to log onto an SSL protected server which is configured to use certificate based client authentication with only the public key component of a certificate, not the associated private key. Only a subset of customers who log into SSL protected servers are at risk but it is a little tricky to explain who might be affected due to the unique nature of this vulnerability.

CanSecWest Preview & New Blog URL

Thursday, March 05, 2009

It’s getting busy around here with people preparing for the CanSecWest security conference (http://cansecwest.com/). Many of the Microsoft Security Engineering Center (MSEC) and Microsoft Security Response Center (MSRC) members that regularly post to this blog will be attending CanSecWest and soaking up the 3 days of presentations & networking. If you haven’t heard us talk about the Security Science angle of MSEC before, let me explain.

Behavior of ActiveX controls embedded in Office documents

Tuesday, March 03, 2009

The Microsoft Office applications (Word, Excel, PowerPoint, etc) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control to retrieve data from an intranet data source. Office applications’ prompting behavior

More information about the new Excel vulnerability

Tuesday, February 24, 2009

This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment.

Office 2007 being targeted

The current attacks we have seen target users of Office 2007 running an earlier version of Windows (Windows 2000, XP, 2003).

Expanding Horizons

Monday, February 02, 2009

The original Security Vulnerability Research & Defense (SVRD) blog was launched in 2007, with the intent of providing more information about vulnerabilities in Microsoft software, mitigations and workarounds and active attacks. The blog is now expanding its focus a bit (and changing its name slightly), to include postings contributed by the Microsoft Security Engineering Center (MSEC) Security Science team.

Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP

Monday, February 02, 2009

One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. These techniques are commonly referred to as exploit mitigations and have been delivered to users in the form of features like /GS, Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR).

XSS Filter Improvements in IE8 RC1

Friday, January 30, 2009

On Monday IE8 RC1 was released. Here are some of the most interesting improvements and bug fixes to the XSS Filter feature:

Some byte sequences enabled the filter to be bypassed, depending on system locale

URLs containing certain byte sequences bypassed the Beta 2 filter implementation in some locales. For example, with a Chinese locale system, URLs of the following format would bypass the filter:

Stack overflow (stack exhaustion) not the same as stack buffer overflow

Wednesday, January 28, 2009

Periodically we get reports into the MSRC of stack exhaustion in client-side applications such as Internet Explorer, Word, etc. These are valid stability bugs that, fortunately, do not lead to an exploitable condition by themselves (no potential for elevation of privilege). We wanted to clarify the distinction between stack exhaustion and stack buffer overflow.

MS09-001: Prioritizing the deployment of the SMB bulletin

Friday, January 09, 2009

This month we released an update for SMB that addresses three vulnerabilities. This blog post provides additional information that might help prioritize the deployment of this update, and help explain the risk for code execution. In the bulletin you will see that the cumulative severity rating is Critical for Windows 2000, XP and Server 2003 systems, while Vista and Server 2008 have cumulative severity ratings of Moderate.

Information regarding MD5 collisions problem

Tuesday, December 30, 2008

Today Microsoft released a security advisory (961509) regarding collisions in MD5 hashes on certificates. This specific problem affects the entire industry and is not a Microsoft specific vulnerability. Serious weaknesses in MD5 have been known for many years now; it is because of these weaknesses that MD5 is banned in new code under the Microsoft Security Development Lifecycle (SDL).