Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Risk Asessment   (RSS)
Monday, October 12, 2009 10:05 AM

Assessing the risk of the October security bulletins

This morning we released 13 security bulletins, our largest release of 2009. Altogether, these bulletins address 34 separate CVEs. We’d like to use this blog post to help you prioritize your deployment of the updates. Prioritization Criteria We’ve provided
Posted by swiblog | (Comments Off)
Monday, October 12, 2009 10:00 AM

MS09-056: Addressing the X.509 CryptoAPI ASN.1 security vulnerabilities

MS09-056 addresses two vulnerabilities that affect how the Windows CryptoAPI parses X.509 digital certificates. Applications on the Windows platform as well as Windows components such as the WinHTTP API can call into the CryptoAPI which provides cryptographic
Posted by swiblog | (Comments Off)
Monday, October 12, 2009 9:24 AM

MS09-051: A note on the affected platforms

MS09-051 addresses a vulnerability (CVE-2009-0555) in the speech codec of Microsoft Window Media Component. Users of Windows XP/Windows Vista/Windows Server 2003/Windows Server 2008* are affected by this vulnerability. However, for Win2k users, the story
Posted by swiblog | (Comments Off)
Friday, September 18, 2009 10:00 AM

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008. Easy way to disable SMBv2 First exploit for code execution released
Posted by swiblog | (Comments Off)
Tuesday, September 08, 2009 9:57 AM

Assessing the risk of the September Critical security bulletins

This morning we released five security bulletins , all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words
Posted by swiblog | (Comments Off)
Tuesday, September 08, 2009 9:55 AM

MS09-048: TCP/IP vulnerabilities

This month we released MS09-048 which addresses three vulnerabilities in the Windows TCP/IP stack. One of the vulnerabilities, CVE-2009-1925, is rated Critical due to the risk of Remote Code Execution (RCE). The other two vulnerabilities are Denial of
Posted by swiblog | (Comments Off)
Wednesday, September 02, 2009 4:31 PM

SQL Server information disclosure non-vulnerability

We’ve gotten some questions about a reported issue with SQL Server exposing plaintext user passwords. We investigated the issue and found that attackers would need administrative control of a SQL Server to extract passwords from it . We checked with the
Posted by swiblog | (Comments Off)
Filed under: ,
Tuesday, September 01, 2009 5:59 PM

New vulnerability in IIS5 and IIS6

This afternoon, the MSRC posted a security advisory describing a newly-disclosed vulnerability in the IIS FTP service that could potentially grant remote code execution to untrusted users. You can find the advisory here . Vulnerability summary The vulnerability
Posted by swiblog | (Comments Off)
Tuesday, August 11, 2009 9:48 AM

MS09-039: More information about the WINS security bulletin

This morning, we released security update MS09-039 addressing vulnerabilities in the Microsoft Windows Internet Name Service (WINS). In this blog post, we’d like to help you understand the following: What is the risk of this vulnerability? Why is it rated
Posted by swiblog | (Comments Off)
Filed under: ,
Tuesday, August 11, 2009 8:39 AM

MS09-036: ASP.NET Denial-of-Service vulnerability

We have released MS09-036 to address an anonymous denial of service (DoS) vulnerability in ASP.NET. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? What could happen if my configuration is impacted?
Posted by swiblog | (Comments Off)
Tuesday, July 14, 2009 9:10 AM

MS09-031: More information about the ISA issue

The ISA blog has a really great post this morning about MS09-031 . It only affects a specific configuration and they outline it. If you have any questions about MS09-031, check out their blog . - Jonathan Ness, MSRC Engineering *Posting is provided "AS
Posted by swiblog | (Comments Off)
Filed under:
Tuesday, July 14, 2009 9:09 AM

MS09-029: Vulnerabilities in the EOT parsing engine

Today we released MS09-029, which addresses vulnerabilities related to EOT font files. To answer a few commonly asked questions, here is a brief FAQ regarding the update: Q: What is the EOT file format? A: EOT stands for Embedded OpenType Font. EOT support
Posted by swiblog | (Comments Off)
Thursday, June 11, 2009 1:17 PM

Latest Baidu public posting requires Adminisrator to elevate

Last night we noticed a Windows XP kernel 0day claim in win32k!NtUserConsoleControl posted on baidu.com. We took a quick look and found that the issue requires administrator privileges to execute. We are still investigating, looking for any chance of
Posted by swiblog | (Comments Off)
Tuesday, June 09, 2009 9:59 AM

MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the
Posted by swiblog | (Comments Off)
Tuesday, June 09, 2009 9:56 AM

MS09-023: Windows Search and MSHTML Host Apps

Today, we released MS09-023, a bulletin for Windows Search 4.0. It is an information disclosure vulnerability rated as Moderate. We would like to go into more details in this blog to help you understand: What is the attack vector? Why is this vulnerability
Posted by swiblog | (Comments Off)
More Posts Next page »
 
Page view tracker