Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Attack Surface Reduction   (RSS)
Tuesday, June 09, 2009 9:59 AM

MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the
Posted by swiblog | (Comments Off)
Thursday, May 28, 2009 10:21 AM

New vulnerability in quartz.dll Quicktime parsing

Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail
Posted by swiblog | (Comments Off)
Tuesday, May 12, 2009 10:11 AM

MS09-017: An out-of-the-ordinary PowerPoint security update

Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in-the-wild abusing this vulnerability.
Posted by swiblog | (Comments Off)
Tuesday, April 14, 2009 9:00 AM

MS09-010: Reducing the text converter attack surface

MS09-010 addresses vulnerabilities in Word converters used by WordPad and by Office to load files saved in old file formats. Some of you probably saw this bulletin and thought “I never open documents from versions of Word prior to Word XP,” and you may
Posted by swiblog | (Comments Off)
 
Page view tracker