Tuesday, August 19, 2008
Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.
Wednesday, August 13, 2008
MS08-049 is an update for the Windows Event System service to correct an authenticated elevation-of-privilege vulnerability. We received a question via email yesterday about the type of authentication needed to exploit CVE-2008-1456. Our security bulletin was a little ambiguous with one reference to “logon credentials” and another to “domain credentials”. The email question was from an IT security manager who wondered whether his hardened servers could be compromised remotely.
Tuesday, August 12, 2008
MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first heard about this vulnerability from customers sending in reports of active attacks.
Tuesday, August 12, 2008
A few weeks ago we posted a blog entry titled “How to parse the .doc file format”. Today’s blog post will show you how to use that information to check whether a .doc file is specially crafted to exploit MS08-042, one of the vulnerabilities addressed by today’s security updates. This particular vulnerability is being exploited out in the real world so we believe the benefits of releasing more information about it to help the defenders outweighs the risk of attackers learning more about the already-public vulnerability.
Tuesday, August 12, 2008
In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to a remote data source and checks a checkbox to have Excel NOT save the password used in that connection to the file.
Tuesday, August 12, 2008
MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to take. During the extensive testing that each security update undergoes, however, it became apparent that the Kill-Bit wasn’t ideal as it partially broke the Remote Assistance application.
Friday, July 18, 2008
This past February, Microsoft publicly released the Office binary file formats specification. These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in detail, we think the file format specification will be particularly interesting to ISVs who write detection logic for malware scanners (such as Anti-Virus software).
Tuesday, July 08, 2008
We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry. Increasing the entropy makes it more difficult for attackers to spoof DNS replies. Today, we released MS08-037 to further increase the difficulty of spoofing DNS transactions.
Tuesday, July 08, 2008
Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component. While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk. We’d like to explain a little more about the vulnerability so that you can determine whether you or your organization are at risk.
Tuesday, July 08, 2008
Today we released MS08-040 to patch several vulnerabilities in the SQL Server Database Engine; one of them involves the SQL Server backup file format. The format is also known as MTF (Microsoft Tape Format). The vulnerability requires an attacker to be able to force the SQL Server to load a malicious MTF file from the local drive or from the network.
