Welcome to TechNet Blogs Sign in | Join | Help

July 2008 - Posts

Friday, July 18, 2008 2:04 PM

How to parse the .doc file format

This past February, Microsoft publicly released the Office binary file formats specification . These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in
Posted by swiblog | (Comments Off)
Tuesday, July 08, 2008 10:02 AM

MS08-040: How to spot MTF files crossing network boundary

Today we released MS08-040 to patch several vulnerabilities in the SQL Server Database Engine; one of them involves the SQL Server backup file format. The format is also known as MTF (Microsoft Tape Format). The vulnerability requires an attacker to be
Posted by swiblog | (Comments Off)
Tuesday, July 08, 2008 10:01 AM

MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component. While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk. We’d
Posted by swiblog | (Comments Off)
Filed under: ,
Tuesday, July 08, 2008 10:00 AM

MS08-037 : More entropy for the DNS resolver

We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry . Increasing the entropy makes it more difficult for attackers to spoof DNS replies.
Posted by swiblog | (Comments Off)
Wednesday, July 02, 2008 7:55 AM

The IE8 XSS Filter

Hello, our team and IE have recently collaborated on a new IE8 feature that was announced today – the XSS Filter. Check it out here: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx This effort demonstrates our commitment
Posted by swiblog | (Comments Off)
 
Page view tracker