Skip to main content

Risk Asessment

MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

Tuesday, June 09, 2009

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of IE8 does not allow .Net assemblies to load in the Internet Zone.

MS09-024: Lower risk if you have Microsoft Word installed

Tuesday, June 09, 2009

Today we released bulletin MS09-024 that fixes vulnerabilities in text converters for the Microsoft Works document file format (WPS). Reduced impact if Microsoft Office is installed The Works converters included with Microsoft Word are vulnerable. However, the Microsoft Word installer does not associate the WPS file extension with Word. So a user double-clicking a WPS file attachment for the first time would see the following dialog:

MS09-026: How a developer can know if their RPC interface is affected

Tuesday, June 09, 2009

Today we are releasing MS09-026 which fixes a vulnerability in the Microsoft Windows RPC (Remote Procedure Call) NDR20 marshalling engine. This component is responsible for preparing data to be sent over the network and then translating it back to what the server or client application uses. NDR20 is specific to 32-bit applications that use RPC to transfer data.

New vulnerability in quartz.dll Quicktime parsing

Thursday, May 28, 2009

Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? Why is this a high risk vulnerability?

More information about the IIS authentication bypass

Monday, May 18, 2009

Security Advisory 971492 provides official guidance about the new IIS authentication bypass vulnerability. We’d like to go into more detail in this blog to help you understand: Am I at risk? If so, what could happen? How can I protect myself? Which IIS configurations are at risk? Only a specific IIS configuration is at risk from this vulnerability.

MS09-012: Fixing “Token Kidnapping”

Tuesday, April 14, 2009

This morning we released MS09-012, an update to address the publicly-disclosed issue commonly referred to as Token Kidnapping ( This vulnerability allows escalation from the Network Service account to the Local System account. Normally malicious users are not running as Network Service, except for a very few programs like IIS, where arbitrary code can be executed within a service running as Network Service.

MS09-013 and MS09-014: NTLM Credential Reflection Updates for HTTP clients

Tuesday, April 14, 2009

This month we are taking another step towards blocking NTLM reflection attacks by releasing MS09-014 for Internet Explorer and MS09-013 for Windows. This is the third update related to NTLM credential reflection we have released, and I thought it would be good to go into a bit more detail on why this update was needed, how it relates to the previous updates (MS08-068 and MS08-076), and the severity of the issue.

Prioritizing the deployment of the April security bulletins

Tuesday, April 14, 2009

We just released eight security bulletins, five of which are rated Critical on at least one platform. We built a reference table of bulletin severity rating, exploitability index rating, and attack vectors. This table is sorted first by bulletin severity, next by exploitability index rating, and then by bulletin number. We hope it helps you choose an order of bulletins to start your prioritization and testing if you can’t deploy them all out immediately.