Security Research & Defense : January 2009

Friday, January 30, 2009 12:44 PM

XSS Filter Improvements in IE8 RC1

On Monday IE8 RC1 was released . Here are some of the most interesting improvements and bug fixes to the XSS Filter feature: Some byte sequences enabled the filter to be bypassed, depending on system locale URLs containing certain byte sequences bypassed

Posted by swiblog | (Comments Off)

Filed under: Internet Explorer (IE), XSS Filter, XSS, Security Science

Wednesday, January 28, 2009 3:20 PM

Stack overflow (stack exhaustion) not the same as stack buffer overflow

Periodically we get reports into the MSRC of stack exhaustion in client-side applications such as Internet Explorer, Word, etc. These are valid stability bugs that, fortunately, do not lead to an exploitable condition by itself (no potential for elevation

Posted by swiblog | (Comments Off)

Filed under: full-disclosure, Internet Explorer (IE), Exploitability

Friday, January 09, 2009 12:24 PM

MS09-001: Prioritizing the deployment of the SMB bulletin

This month we released an update for SMB that addresses three vulnerabilities. This blog post provides additional information that might help prioritize the deployment of this update, and help explain the risk for code execution. In the bulletin you will

Posted by swiblog | (Comments Off)

Filed under: SMB, rating, kernel, Exploitability

Security Research & Defense

This Blog

Syndication

Search

News

Blogroll

Report a Vulnerability to Microsoft

Tags

Recent Posts

Archives

January 2009 - Posts

XSS Filter Improvements in IE8 RC1

Stack overflow (stack exhaustion) not the same as stack buffer overflow

MS09-001: Prioritizing the deployment of the SMB bulletin