Today we are releasing MS09-026 which fixes a vulnerability in the Microsoft Windows RPC (Remote Procedure Call) NDR20 marshalling engine. This component is responsible for preparing data to be sent over the network and then translating it back to what the server or client application uses. NDR20 is...

Since the release we have received several great questions regarding MS08-067 ( http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx ), thus we decided to compile answers for them. We still want to encourage everyone to apply the update. Can the vulnerability be reached through RPC...

Today Microsoft released a security update that fixes a remote code execution vulnerability in the Windows Server Service. This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released...

Today, we released MS08-065 to fix an issue in MSMQ. You’ll notice that the bulletin was rated “Important” and indicates that remote code execution is possible. However, we would like to show you that in practice the severity of the fixed issue is limited only to information disclosure. If the MSMQ...

Microsoft Host Integration Server 2006 is an interesting product. It allows developers to manage business processes on IBM mainframe and AS/400 (big iron) servers as XML web services. You can find a free trial version available for download at http://www.microsoft.com/hiserver/downloads/default.mspx...

We have received a few inquiries about the full disclosure posting http://seclists.org/fulldisclosure/2007/Dec/0470.html , where a range check was added in Windows XP SP3 for the Terminal Server RPC function RpcWinStationEnumerateProcesses. The speculation stated that this change was to hide an overflow...