Microsoft Security Response Center Blog

New tools to block and eradicate SQL injection

Tuesday, June 24, 2008

The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is to help you identify the best tool to use depending on your role (i.

SQL Injection Attacks Exploiting Unverified User Data Input

Tuesday, June 24, 2008

Hey, Andrew Cushman here. Today I’m pleased to announce the coordinated release of three security tools in Security Advisory 954462 to help customers deal with SQL injection attacks:

· UrlScan version 3.0 Beta, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests.

Blue Hawaii

Thursday, June 19, 2008

After a whirlwind trip to beautiful Honolulu, Hawaii to give the Day 2 keynote at ShakaCon, I am finally back to reality here at Microsoft. More on that shortly, from another blog… Right here, right now, BlueHat video interviews with the speakers are available. From “Bad Sushi: Beating Phishers at Their Own Game” with our own Billy Rios to “Token Kidnapping” with Cesar Cerrudo of Argeniss – get an exclusive sneak peek into what really happened at BlueHat v7.

MS08-030 Re-released for Windows XP SP2 and SP3

Thursday, June 19, 2008

Hello, this is Christopher Budd. I wanted to let folks know that we’ve just re-released MS08-030. This is to let you know there’s a new version of this security update available for Windows XP SP2 and SP3 customers and to encourage them to deploy these new updates. There are no new updates for the other versions of Windows discussed in the bulletin.

Microsoft Security Advisory 954474 Updated

Tuesday, June 17, 2008

Hello, this is Christopher Budd again. I wanted to let you know we’ve just updated Microsoft Security Advisory 954474 to let you know we’ve released an update that affected customers can apply to their System Center Configuration Manager (ConfigMgr) 2007 servers to resolve the issue we discussed in our posting on Friday June 13.

Security Advisory 954474: Deployment Issue affecting System Center Configuration Manager 2007 servers with SMS 2003 clients

Friday, June 13, 2008

Hello, this is Christopher Budd. I’m back here on the MSRC weblog after spending some time learning the Privacy side of our business (and getting my CIPP certification). I’m here to let you know that we’ve just posted Microsoft Security Advisory 954474. This advisory is to let customers know that we’re aware of an issue that is affecting the deployment of the June 2008 security updates.

June 2008 Monthly Release

Tuesday, June 10, 2008

Hello! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our June 2008 Bulletins. We released seven bulletins today, which include three bulletins with severity rating of Critical, three bulletins with severity rating of Important, and one with the severity rating of Moderate.

MS08-033: So what breaks when you ACL quartz.dll?

Tuesday, June 10, 2008

In some of the multimedia MSRC bulletins that have been released there is a workaround listed about changing ACLs on Quartz.dll. So, what exactly breaks when we ACL Quartz.dll? Quartz.dll is a core component of the DirectShow framework. Originally a component of DirectX, DirectShow eventually took on a life of its own as multimedia recording and playback evolved.

MS08-036: PGM? What is PGM?

Tuesday, June 10, 2008

This morning we released MS08-036 to fix two denial-of-service vulnerabilities in the Windows implementation of the Pragmatic General Multicast (PGM) protocol (RFC 3208). You probably have never heard of PGM. Only one engineer on our team had ever heard of it and he previously worked as a tester on the core network components team.