
Microsoft Security Response Center Blog

MS09-037: Why we are using CVE's already used in MS09-035

Tuesday, August 11, 2009

MS09-035 was released July 28 to address vulnerabilities in the Visual Studio Active Template Library (ATL). A related security update, MS09-034, included a defense-in-depth Internet Explorer mitigation to help protect against attacks on vulnerable components. This morning, we released security bulletin MS09-037 to address the ATL vulnerabilities in several Windows components.

MS09-039: More information about the WINS security bulletin

Tuesday, August 11, 2009

This morning, we released security update MS09-039 addressing vulnerabilities in the Microsoft Windows Internet Name Service (WINS). In this blog post, we’d like to help you understand the following: What is the risk of this vulnerability? Why is it rated Critical? What is Microsoft doing to prevent a “WINS worm”? What can you do to protect your environment?

August 2009 Advance Notification

Thursday, August 06, 2009

Advance Notification for the August 2009 Security Bulletin Release

In this month’s Advance Notification we are making customers aware that next Tuesday, August 11th, we plan to release 9 security bulletins at approximately 10:00 a.m. PDT (UTC -8). Those bulletins consist of:

· 8 bulletins affecting Windows, four of which are rated Critical and four of which are rated Important.

Preventing the exploitation of user mode heap corruption vulnerabilities

Tuesday, August 04, 2009

Over the past few months we have discussed a few different defense-in-depth mitigations (like GS [pt 1, pt 2], SEHOP, and DEP [pt 1, pt 2]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities in software. In addition to the mitigations that we’ve discussed so far, a significant amount of effort has gone into hardening the Windows heap manager in order to complicate the exploitation of heap-based memory corruption vulnerabilities.

Announcing OffVis 1.0 Beta

Friday, July 31, 2009

We’ve gotten questions from security researchers and malware protection vendors about the binary file format used by Microsoft Word, PowerPoint, and Excel. The format specification is open and we have spoken at several conferences (1, 2, 3) about detecting malicious documents, but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called “OffVis”.

Security Bulletin Webcast Q&A - OOB July 2009

Wednesday, July 29, 2009

Hosts: Christopher Budd, Security Program Manager; Jonathan Ness, Security Development Lead
Website: TechNet/security
Chat Topic: July 2009 OOB Security Bulletin
Date: Tuesday, July 28, 2009

Q: After applying MS09-035 will end users see any changes to their user interface that would be unusual or different to normal when working with ActiveX controls in Internet Explorer?

Security Bulletin Webcast Questions and Answers – Out-Of-Band July 2009

Wednesday, July 29, 2009

Hi,

In conjunction with the Microsoft July 2009 Out-of-Band Bulletin release, we conducted two public webcasts to assist customers. During these webcasts, we were able to address 60 questions in the time allotted. The questions centered primarily on MS09-034, the Internet Explorer Cumulative Update Bulletin, and MS09-035, the Visual Studio Bulletin.

Internet Explorer Mitigations for ATL Data Stream Vulnerabilities

Tuesday, July 28, 2009

IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034. We would like to explain these mitigations in more detail.

ATL persisted data checks

The first mitigation is a change to modify how ATL-based controls read persisted data by detecting specific call patterns that are problematic.