Welcome to TechNet Blogs

Browse by Tags

How to parse the .doc file format

This past February, Microsoft publicly released the Office binary file formats specification. These describe how to parse Word, Excel, and PowerPoint files to review or extract the content. Because they describe the structure of these file formats in
Posted by swiblog | (Comments Off)

MS08-040: How to spot MTF files crossing network boundary

Today we released MS08-040 to patch several vulnerabilities in the SQL Server Database Engine; one of them involves the SQL Server backup file format. The format is also known as MTF (Microsoft Tape Format). The vulnerability requires an attacker to be

MS08-039: Which users are vulnerable to the OWA XSS vulnerability?

Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component. While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk. We’d

MS08-037 : More entropy for the DNS resolver

We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry. Increasing the entropy makes it more difficult for attackers to spoof DNS replies.

The IE8 XSS Filter

Hello, our team and IE have recently collaborated on a new IE8 feature that was announced today – the XSS Filter. Check it out here: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx This effort demonstrates our commitment

New tools to block and eradicate SQL injection

The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements

MS08-036: PGM? What is PGM?

This morning we released MS08-036 to fix two denial-of-service vulnerabilities in the Windows implementation of the Pragmatic General Multicast (PGM) protocol (RFC 3208). You probably have never heard of PGM. Only one engineer on our team had ever heard

MS08-033: So what breaks when you ACL quartz.dll?

In some of the multimedia MSRC bulletins that have been released, there is a workaround listed about changing ACLs on Quartz.dll. So, what exactly breaks when we ACL Quartz.dll? Quartz.dll is a core component of the DirectShow framework. Originally a

MS08-030: All bark and no bite? The case of the Bluetooth update

This morning we released a critical update for Windows addressing a vulnerability in the Microsoft Bluetooth stack (MS08-030). The bulletin is rated Critical since it allows an attacker to corrupt memory in the Windows kernel, which theoretically could

Why there won't be a security update for WkImgSrv.dll

Recently, there was a public post on milw0rm (http://www.milw0rm.com/exploits/5530), talking about an issue in the ActiveX control of Microsoft Works 7 WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog

SQL Injection Attack

(Special thanks to Neil Carpenter for helping out on this blog post.) Recent Trends: Beginning late last year, a number of websites were defaced to include malicious HTML <script> tags in text that was stored in a SQL database and used to generate

MS08-026: How to prevent Word from loading RTF files

This month we released an update for Microsoft Word that fixed issues relating to loading RTF files (CVE-2008-1091) and HTML files (CVE-2008-1434). Office applications like Microsoft Word can load a large variety of different file formats, and some people

MS08-025: Win32k vulnerabilities

MS08-025 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector we are aware of. One of these vulnerabilities deals with how we can bypass

MS08-023: Same bug, four different security bulletin ratings

Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit

MS08-020 : How predictable is the DNS transaction ID?

Today we released MS08-020 to address a weakness in the Transaction ID (TXID) generation algorithm in the DNS client resolver. The TXID is a 16-bit entity that is primarily used as a synchronization mechanism between DNS servers/clients; in fact, you