Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Exploitability   (RSS)
Tuesday, November 10, 2009 10:00 AM

Details on the License Logging Service vulnerability

Today, we released MS09-064 which addresses a vulnerability in the License Logging Service. In this post, we provide some background on the service and the severity of the underlying vulnerability. Background License Logging Service (LLS) is a feature
Posted by swiblog | (Comments Off)
Tuesday, November 10, 2009 10:00 AM

Font Directory Entry Parsing Vulnerability In win32k.sys

MS09-065 addresses a vulnerability (CVE-2009-2514) in the font parsing subsystem of win32k.sys. If not addressed, this vulnerability could allow an attacker to bluescreen (DoS) the machine (best case scenario) or run code of his/her choice, possibly in
Posted by swiblog | (Comments Off)
Monday, October 12, 2009 10:05 AM

Assessing the risk of the October security bulletins

This morning we released 13 security bulletins, our largest release of 2009. Altogether, these bulletins address 34 separate CVEs. We’d like to use this blog post to help you prioritize your deployment of the updates. Prioritization Criteria We’ve provided
Posted by swiblog | (Comments Off)
Tuesday, September 08, 2009 9:57 AM

Assessing the risk of the September Critical security bulletins

This morning we released five security bulletins , all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words
Posted by swiblog | (Comments Off)
Tuesday, September 08, 2009 9:55 AM

MS09-048: TCP/IP vulnerabilities

This month we released MS09-048 which addresses three vulnerabilities in the Windows TCP/IP stack. One of the vulnerabilities, CVE-2009-1925, is rated Critical due to the risk of Remote Code Execution (RCE). The other two vulnerabilities are Denial of
Posted by swiblog | (Comments Off)
Tuesday, August 04, 2009 12:33 PM

Preventing the exploitation of user mode heap corruption vulnerabilities

Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities
Posted by swiblog | (Comments Off)
Thursday, June 11, 2009 1:17 PM

Latest Baidu public posting requires Adminisrator to elevate

Last night we noticed a Windows XP kernel 0day claim in win32k!NtUserConsoleControl posted on baidu.com. We took a quick look and found that the issue requires administrator privileges to execute. We are still investigating, looking for any chance of
Posted by swiblog | (Comments Off)
Tuesday, June 09, 2009 9:59 AM

MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the
Posted by swiblog | (Comments Off)
Thursday, April 16, 2009 8:04 PM

MIDI PoC not exploitable for code execution

On Wednesday, a PoC was posted to milw0rm describing an “integer overflow” in Windows Media Player. We investigated the .mid file and found it to be a duplicate of a non-exploitable crash previously posted publicly on Bugtraq around Christmas, four months
Posted by swiblog | (Comments Off)
Tuesday, April 14, 2009 9:59 AM

Prioritizing the deployment of the April security bulletins

We just released eight security bulletins , five of which are rated Critical on at least one platform. We built a reference table of bulletin severity rating, exploitability index rating , and attack vectors. This table is sorted first by bulletin severity,
Posted by swiblog | (Comments Off)
Wednesday, April 08, 2009 4:18 PM

The History of the !exploitable Crash Analyzer

At the CanSecWest conference earlier this month we made our first public release of the !exploitable Crash Analyzer . While an upcoming white paper and the CanSecWest slide deck go into detail on the technology involved, we thought it might be useful
Posted by swiblog | (Comments Off)
Thursday, March 26, 2009 1:39 PM

New EMF gdiplus.dll crash not exploitable for code execution

Yesterday we noticed a blog post and securityfocus article about a potential new vulnerability in Microsoft GDI+ when parsing a specially-crafted EMF file. You might have heard about it referred to as ‘GpFont.SetData()’. We wanted to address some speculation
Posted by swiblog | (Comments Off)
Monday, March 16, 2009 4:15 PM

GS cookie protection – effectiveness and limitations

The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail
Posted by swiblog | (Comments Off)
Wednesday, January 28, 2009 3:20 PM

Stack overflow (stack exhaustion) not the same as stack buffer overflow

Periodically we get reports into the MSRC of stack exhaustion in client-side applications such as Internet Explorer, Word, etc. These are valid stability bugs that, fortunately, do not lead to an exploitable condition by itself (no potential for elevation
Posted by swiblog | (Comments Off)
Friday, January 09, 2009 12:24 PM

MS09-001: Prioritizing the deployment of the SMB bulletin

This month we released an update for SMB that addresses three vulnerabilities. This blog post provides additional information that might help prioritize the deployment of this update, and help explain the risk for code execution. In the bulletin you will
Posted by swiblog | (Comments Off)
More Posts Next page »
 
Page view tracker