Microsoft Security Response Center Blog

Announcing the BlueHat Security Forum: EU Edition

Tuesday, June 02, 2009

Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Hey folks! I know this is typically the time of year when birds are chirping, the rain is _supposed _to be letting up, and those of you in the BlueHat network who are normally invited to attend the Spring BlueHat conference are asking yourselves, “Why did MSRC start doing the con only once a year?

• Attack
• BlueHat Security Briefings
• Community-based Defense
• EcoStrat
• Malicious Software (Malware)
• MSRC
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Research
• Watering Hole

Getting a business degree as part of Security Research?

Tuesday, June 02, 2009

What a great time to start thinking of travel – the weather is fairing up, June is here, and fortunately for me, I have a chance to take the driver seat again at another BlueHat conference! This time it’s in Brussels and I’m really looking forward to talking again about one of my favorite topics (eCrime – technology and business), as well as networking with the Microsoft gang and their European counterparts.

• Attack
• BlueHat Security Briefings
• Cyberbullying
• Emerging Threat
• Identity/Identity Theft
• Malicious Software (Malware)
• Password Stealers

Microsoft Security Advisory 971778 Vulnerability in Microsoft DirectShow Released

Thursday, May 28, 2009

We’ve just released Microsoft Security Advisory 971778 today. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we’re working on a security update to address the issue.

New vulnerability in quartz.dll Quicktime parsing

Thursday, May 28, 2009

Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? Why is this a high risk vulnerability?

• Attack Surface Reduction
• Internet Explorer (IE)
• Killbit
• Quartz.dll
• Risk Asessment
• Workarounds

Safe Unlinking in the Kernel Pool

Tuesday, May 26, 2009

The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the first version of Windows with some of these integrity checks turned on in release builds.

• Defense-in-depth
• Exploitation
• Mitigations
• Security Science

Answers to the IIS WebDAV authentication bypass questions

Wednesday, May 20, 2009

We have heard several questions from customers about the WebDAV authentication bypass issue on IIS. We wanted to post common questions and answers here to help anyone else who might have the same question. Question: Is Sharepoint vulnerable to the authentication bypass? Answer: No, Sharepoint is not vulnerable to this vulnerability.

• Authentication bypass
• IIS
• Risk Asessment

Microsoft Security Advisory 971492

Monday, May 18, 2009

I wanted to let you know that we have just posted Microsoft Security Advisory (971492). This advisory contains information regarding public reports of a vulnerability in Microsoft Internet Information Services (IIS) that could allow Elevation of Privilege. Products affected are IIS 5.0, IIS 5.1, and IIS 6.0. The advisory contains guidance and workarounds that customers can use to help protect themselves.

More information about the IIS authentication bypass

Monday, May 18, 2009

Security Advisory 971492 provides official guidance about the new IIS authentication bypass vulnerability. We’d like to go into more detail in this blog to help you understand: Am I at risk? If so, what could happen? How can I protect myself? Which IIS configurations are at risk? Only a specific IIS configuration is at risk from this vulnerability.

• Authentication bypass
• IIS
• Mitigations
• Risk Asessment
• Workarounds

Monthly Security Bulletin Webcast Q&A - May 2009

Friday, May 15, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Website: TechNet/security Chat Topic: May 2009 Security Bulletin Date: Wednesday, May 13, 2009 Q: Has there been any reports of KB958690causing blue screens? We have heard some info on the web and were curious if you have heard anything.

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Video, Questions and Answers – May 2009

Friday, May 15, 2009

In the May 2009 security bulletin webcast, we addressed several questions relating to MS09-017 in addition to questions about WSUS and MBSA. For those questions that came in after we concluded the webcast, we have provided answers in the published Q&A which you can find here: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-May-2009.aspx Also, here is the link to the Q&A index page in case you want to view previous months:

• Security Bulletin
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Video