Wednesday, June 17th, 2009
Revision Note: V1.3 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Advisory Summary:Microsoft is releasing a new set of ActiveX kill... »
Tags: a-new-set, does-not, frequently, kill-bits, replace-the, security-update, the-purpose, update
Posted in Microsoft Security Advisories | No Comments »
Wednesday, June 17th, 2009
Revision Note: V1.2 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. »
Tags: a-new-set, active, directx, does-not, has-completed, kill-bits, Microsoft Security Advisories, questions, replace-the, security-update, summary, the-purpose, update
Posted in Microsoft Security Advisories | No Comments »
Wednesday, June 17th, 2009
Revision Note: V1.1 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Advisory Summary:Microsoft is releasing a new set of ActiveX kill... »
Tags: cve, directx, does-not, has-completed, questions, replace-the, security-update, update
Posted in Microsoft Security Advisories | No Comments »
Friday, June 12th, 2009
In our previous blog post , we explained how DEP works and how to determine if / how a process opted-in to DEP. Now we will demonstrate how DEP can be used to mitigate the risk of a real-world attack »
Tags: activex, database, defense-in-depth, environment, exploit, explorer, internet, sms, vulnerability
Posted in Microsoft Research & Defense | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the... »
Tags: a-given-user-, a-malformed-record, access-control, given-user-, privately-reported, restrict-the, security-update, the-anonymous, the-permissions, user-account, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then... »
Tags: a-malformed-record, a-user-opens, accounts-with, allow-remote, privately-reported, resolves-three, security-update, then-install, user-opens, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise... »
Tags: affected-server, and-standard, minimal-number, privately-reported, resolves-three, security-update, severity, spooler-, vulnerabilities, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Moderate - This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results »
Tags: a-specially-crafted, from-the-search, microsoft-works, not-affected, not-installed, security-update, windows-search
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file »
Tags: a-user-opens, gain-the-same, local, microsoft-works, remote-code, rights-as-the, rights-on-the, same, security, security-update, system, vulnerabilities, vulnerability
Posted in Microsoft Security Bulletins | No Comments »
Tuesday, June 9th, 2009
Bulletin Severity Rating:Important - This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system »
Tags: are-subject, attacker-must, delete-data, exploit-these, full-user, microsoft-windows-, publicly-disclosed, security-update, then-install, vulnerability, windows
Posted in Microsoft Security Bulletins | No Comments »