2009年9月9日のセキュリティリリース予定 (定例)
Thursday, September 03, 2009
小野寺です。 9 月 9 日に予定している定例のセキュリティリリースについてのお知らせです。 公開を予定してい
2009
Microsoft Security Advisory 975191 Revised
Thursday, September 03, 2009
Hi Everyone, Today we updated Security Advisory 975191 as we are now seeing limited attacks. Additionally, a new proof of concept published allowing for Denial of Service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service. This does not require Write access.
Security Wars: 2-1. 世界的に大きな意義をもつ事件
Wednesday, September 02, 2009
小野寺です。 Security Wars を更新! Security Wars: 2-1. 世界的に大きな意義をもつ事件 http://technet.microsoft.com/ja-jp/security/ee414077.aspx 世界最初のコンピューター ウイルスといわれ
September 2009 bulletin Release
Wednesday, September 02, 2009
Advance Notification for the September 2009 Security Bulletin Release This month we will be releasing 5 security bulletins, all affecting Windows, and all with an aggregate severity rating of critical. As always, the target for release is the second Tuesday of the month at 10:00 a.m. PDT (UTC -8). Please check back here at that time as we will be posting our risk and impact assessment, a new deployment prioritization table and an overview video.
SQL Server information disclosure non-vulnerability
Wednesday, September 02, 2009
We’ve gotten some questions about a reported issue with SQL Server exposing plaintext user passwords. We investigated the issue and found that attackers would need administrative control of a SQL Server to extract passwords from it. We checked with the security researchers who reported the issue and they confirmed that this is an information disclosure issue requiring the attacker to first have administrative control of the installation.
Microsoft Security Advisory 975191 Released
Tuesday, September 01, 2009
Hi Everyone, This is Alan Wallace, senior communications manager for our security response communications team. Today, Microsoft released Security Advisory 975191, to provide customer guidance and protection from a vulnerability that could allow remote code execution on affected systems running the FTP service in Microsoft Internet Information Services (IIS) 5.0, 5.
New vulnerability in IIS5 and IIS6
Tuesday, September 01, 2009
This afternoon, the MSRC posted a security advisory describing a newly-disclosed vulnerability in the IIS FTP service that could potentially grant remote code execution to untrusted users. You can find the advisory here. Vulnerability summary The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name.
Security WARS: a long time ago in a network far, far away...
Friday, August 28, 2009
小野寺です。 情報戦争が、また新たに始まったとかそういう話ではありません。 先日、セキュリティ ニュース レ
自動実行(自動再生/AutoPlay/Autorun)の動作変更
Friday, August 28, 2009
小野寺です。 先日、セキュリティ アドバイザリ 967940を更新して、自動実行の動作を変更する更新プログ
August 2009 Security Bulletin Webcast Video and Customer Q and A
Friday, August 14, 2009
As we do every month on the Wednesday following our standard second Tuesday security bulletin release, we conducted a live webcast where Adrian Stone and myself went through the bulletins in detail and then answered customer questions with the help of several subject matter experts (SMEs). It is apparent that there is still a bit of confusion around the Active Template Library (ATL) issue and how current updates relate to work we have already done to provide mitigations, protections and guidance to customers.