Skip to main content
MSRC

Microsoft Security Response Center Blog

February 2009 Advanced Notification

Thursday, February 05, 2009

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Feb. 10, 2009 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Gone is the era of yes/no questions

Wednesday, February 04, 2009

It used to be easy to be in the security industry. All you had to do is develop products that needed to say “nay” or “yay” on a given content and “bless” it to be secure or not. That is so 2007… As we have been witnessing during a turbulent 2008 (and yes – it actually started in 2007…) nowadays the ability to decide whether a given content (note the distinction between content and file…) is malicious or not is much more complicated.

Constants and Change

Monday, February 02, 2009

Microsoft has been talking about community-based defense for some time now. This week, I want to provide a personal dimension to the campaign, and give an update on recent activities. Curiously, as I started to write this post, a couple of phrases popped up, which despite being somewhat trite, seemed appropriate – “change is constant” and “the more things change the more they stay the same.

Expanding Horizons

Monday, February 02, 2009

The original Security Vulnerability Research & Defense (SVRD) blog was launched in 2007, with the intent of providing more information about vulnerabilities in Microsoft software, mitigations and workarounds and active attacks. The blog is now expanding its focus a bit (and changing its name slightly), to include postings contributed by the Microsoft Security Engineering Center (MSEC) Security Science team.

Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP

Monday, February 02, 2009

One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. These techniques are commonly referred to as exploit mitigations and have been delivered to users in the form of features like /GS, Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR).

XSS Filter Improvements in IE8 RC1

Friday, January 30, 2009

On MondayIE8 RC1 was released. Here are some of the most interesting improvements and bug fixes to the XSS Filter feature: Some byte sequences enabled the filter to be bypassed, depending on system locale URLs containing certain byte sequences bypassed the Beta 2 filter implementation in some locales. For example, with a Chinese locale system, URLs of the following format would bypass the filter:

Berlin: Far more than stellar pizza

Thursday, January 29, 2009

Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Goodbye 2008- Hello 2009! Over the past year we, the MSRC EcoStrat team and all-up TwC Security have been a lot of places, seen a lot of people, and picked up a lot of t-shirts J.

Stack overflow (stack exhaustion) not the same as stack buffer overflow

Wednesday, January 28, 2009

Periodically we get reports into the MSRC of stack exhaustion in client-side applications such as Internet Explorer, Word, etc. These are valid stability bugs that, fortunately, do not lead to an exploitable condition by itself (no potential for elevation of privilege). We wanted to clarify the distinction between stack exhaustion and stack buffer overflow.

January 22, 2009: MS08-067 Conficker Worm Update

Thursday, January 22, 2009

Hi, Bill here, In response to continued customer questions on how to protect and defend themselves against the Conficker Worm, I wanted to let you know the Microsoft Malware Protection Center has published a Threat Research and Response Blog that centralizes Microsoft’s guidance. This will help you understand the nature of the threat and enable you to formulate a defense in depth strategy based on the aspects of your unique environments.