Tuesday, October 14, 2008
Bulletin severity is an interesting topic to many blog readers. We often hear that you think a bulletin should be rated higher or lower. Sometimes we even hear one person suggesting a higher rating and another suggesting a lower rating for the same issue. J This post is not to advocate for or against the MSRC rating system but we’d just like you to understand what we were thinking for each bulletin.
Tuesday, October 14, 2008
Microsoft Host Integration Server 2006 is an interesting product. It allows developers to manage business processes on IBM mainframe and AS/400 (big iron) servers as XML web services. You can find a free trial version available for download at http://www.microsoft.com/hiserver/downloads/default.mspx. Unfortunately, access to the management interface was not properly locked-down. MS08-059 is an update for Microsoft Host Integration Server 2006 which secures the SNA RPC service interface.
Tuesday, October 14, 2008
MS08-061 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector based on our investigation of the vulnerability. One of these vulnerabilities involves multiple kernel mode accesses of user mode data leading to an interesting race condition.
Tuesday, October 14, 2008
Today, we released MS08-065 to fix an issue in MSMQ. You’ll notice that the bulletin was rated “Important” and indicates that remote code execution is possible. However, we would like to show you that in practice the severity of the fixed issue is limited only to information disclosure. If the MSMQ service were installed by default on any affected Windows configuration, we would have rated this one Critical.
Tuesday, October 14, 2008
The driver afd.sys is responsible for handling socket connections. MS08-066 addresses several vulnerabilities in afd.sys that could allow an attacker to execute arbitrary code in kernel mode. These vulnerabilities can only be exploited locally and there is no remote vector from our investigations. One of these vulnerabilities involves a ProbeForRead / ProbeForWrite bypass when using user supplied memory pointers and lengths.
Tuesday, October 14, 2008
Hello Everyone! This is Steve Adegbite. I am new to the MSRC Crew. I work with Simon and Tami to help manage Microsoft’s security update releases. I also help with Microsoft’s Partner outreach effort and the Microsoft Active Protections Program (MAPP). So from time to time you will be hearing from me.
Monday, October 13, 2008
Hello, This is Scott Stender and Alex Vidergar from iSEC Partners, and our topic for BlueHat is Concurrency Attacks in Web Applications. Database administrators, computer architects, and operating system designers have spent decades solving the problems that arise from concurrency as they apply to their respective technologies, so this should be old, boring stuff, right?
Monday, October 13, 2008
Hi this is Christopher Budd, We received some questions from customers about an e-mail that’s circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe.
Monday, October 13, 2008
I’m Dustin, a Security Program Manager in the Microsoft Security Response Center (MSRC). We have received a few questions regarding a public issue and we wanted to update you on the status of how we plan to address it. The issue revolves around Security Advisory 951306. We originally posted this advisory in March as a result of an issues discussed publicly that described a method of using system tokens to elevate privileges on Windows XP and 2003 systems.
Monday, October 13, 2008
The past few days, we have had service isolation on our minds here in Redmond after the POC code posting last week from Cesar Cerrudo. Nazim Lala from the IIS team posted a great blog entry about the fix and why it is taking so long to release it. I expect it to be close to the amount of code churn as XP SP2.
