MSRC

Security Research & Defense

MS08-050 : Locking an ActiveX control to specific applications.

Tuesday, August 12, 2008

MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to take. During the extensive testing that each security update undergoes, however, it became apparent that the Kill-Bit wasn’t ideal as it partially broke the Remote Assistance application.

How to parse the .doc file format

Friday, July 18, 2008

This past February, Microsoft publicly released the Office binary file formats specification. These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in detail, we think the file format specification will be particularly interesting to ISVs who write detection logic for malware scanners (such as Anti-Virus software).

MS08-037 : More entropy for the DNS resolver

Tuesday, July 08, 2008

We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry. Increasing the entropy makes it more difficult for attackers to spoof DNS replies. Today, we released MS08-037 to further increase the difficulty of spoofing DNS transactions.

MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

Tuesday, July 08, 2008

Today we released MS08-039, which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component. While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk. We’d like to explain a little more about the vulnerability so that you can determine whether you or your organization are at risk.

MS08-040: How to spot MTF files crossing network boundary

Tuesday, July 08, 2008

Today we released MS08-040 to patch several vulnerabilities in the SQL Server Database Engine; one of them involves the SQL Server backup file format. The format is also known as MTF (Microsoft Tape Format). The vulnerability requires an attacker to be able to force the SQL Server to load a malicious MTF file from the local drive or from the network.

The IE8 XSS Filter

Wednesday, July 02, 2008

Hello, our team and IE have recently collaborated on a new IE8 feature that was announced today – the XSS Filter. Check it out here: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx This effort demonstrates our commitment to helping our product teams benefit from the knowledge we have gained while defending our products from attack. Stay tuned to our blog for more stories like this in weeks to come…

New tools to block and eradicate SQL injection

Tuesday, June 24, 2008

The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is to help you identify the best tool to use depending on your role (i.

MS08-033: So what breaks when you ACL quartz.dll?

Tuesday, June 10, 2008

In some of the multimedia MSRC bulletins that have been released, there is a workaround listed about changing ACLs on Quartz.dll. So, what exactly breaks when we ACL Quartz.dll? Quartz.dll is a core component of the DirectShow framework. Originally a component of DirectX, DirectShow eventually took on a life of its own as multimedia recording and playback evolved.

MS08-036: PGM? What is PGM?

Tuesday, June 10, 2008

This morning we released MS08-036 to fix two denial-of-service vulnerabilities in the Windows implementation of the Pragmatic General Multicast (PGM) protocol (RFC 3208). You probably have never heard of PGM. Only one engineer on our team had ever heard of it and he previously worked as a tester on the core network components team.