Security Research & Defense

Tuesday, September 01, 2009 5:59 PM

New vulnerability in IIS5 and IIS6

This afternoon, the MSRC posted a security advisory describing a newly-disclosed vulnerability in the IIS FTP service that could potentially grant remote code execution to untrusted users. You can find the advisory here . Vulnerability summary The vulnerability

Posted by swiblog | (Comments Off)

Filed under: network protocol, detection, Risk Asessment, GS, IIS

Friday, March 20, 2009 1:28 PM

Enhanced GS in Visual Studio 2010

In a previous post we noted some stack-based vulnerabilities, such as MS08-067, that GS was not designed to mitigate due to the degree of control available to an attacker. However, other vulnerabilities such as the ANI parsing vulnerability in MS07-017

Posted by swiblog | (Comments Off)

Filed under: Mitigations, Security Science, CanSecWest, GS

Monday, March 16, 2009 4:15 PM

GS cookie protection – effectiveness and limitations

The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail

Posted by swiblog | (Comments Off)

Filed under: Mitigations, Exploitability, MS08-067, Security Science, GS

Security Research & Defense

This Blog

Syndication

Search

News

Blogroll

Report a Vulnerability to Microsoft

Tags

Recent Posts

Archives

Browse by Tags

New vulnerability in IIS5 and IIS6

Enhanced GS in Visual Studio 2010

GS cookie protection – effectiveness and limitations