Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » CanSecWest   (RSS)
Tuesday, June 09, 2009 9:59 AM

MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the
Posted by swiblog | (Comments Off)
Wednesday, April 08, 2009 4:18 PM

The History of the !exploitable Crash Analyzer

At the CanSecWest conference earlier this month we made our first public release of the !exploitable Crash Analyzer . While an upcoming white paper and the CanSecWest slide deck go into detail on the technology involved, we thought it might be useful
Posted by swiblog | (Comments Off)
Monday, March 23, 2009 11:35 AM

Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

Last summer at BlackHat Vegas, Alexander Sotirov and Mark Dowd outlined several clever ways to bypass the Windows Vista defense-in-depth protection combination of DEP and ASLR in attacks targeting Internet Explorer. One approach they presented allowed
Posted by swiblog | (Comments Off)
Friday, March 20, 2009 1:28 PM

Enhanced GS in Visual Studio 2010

In a previous post we noted some stack-based vulnerabilities, such as MS08-067, that GS was not designed to mitigate due to the degree of control available to an attacker. However, other vulnerabilities such as the ANI parsing vulnerability in MS07-017
Posted by swiblog | (Comments Off)
Thursday, March 05, 2009 1:30 PM

CanSecWest Preview & New Blog URL

It’s getting busy around here with people preparing for the CanSecWest security conference ( http://cansecwest.com/ ). Many of the Microsoft Security Engineering Center (MSEC) and Microsoft Security Response Center (MSRC) members that regularly post to
Posted by swiblog | (Comments Off)
 
Page view tracker