June 2008 - Posts

New tools to block and eradicate SQL injection

The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements
Posted by swiblog

MS08-036: PGM? What is PGM?

This morning we released MS08-036 to fix two denial-of-service vulnerabilities in the Windows implementation of the Pragmatic General Multicast (PGM) protocol (RFC 3208). You probably have never heard of PGM. Only one engineer on our team had ever heard

MS08-033: So what breaks when you ACL quartz.dll?

Some of the multimedia MSRC bulletins that have been released list a workaround that involves changing the ACLs on Quartz.dll. So, what exactly breaks when we ACL Quartz.dll? Quartz.dll is a core component of the DirectShow framework. Originally a
Posted by swiblog

MS08-030: All bark and no bite? The case of the Bluetooth update

This morning we released a critical update for Windows addressing a vulnerability in the Microsoft Bluetooth stack (MS08-030). The bulletin is rated Critical since it allows an attacker to corrupt memory in the Windows kernel, which theoretically could

Why there won't be a security update for WkImgSrv.dll

Recently, there was a public post on milw0rm (http://www.milw0rm.com/exploits/5530) about an issue in WkImgSrv.dll, an ActiveX control in Microsoft Works 7. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog
 