Microsoft Security Response Center Blog

September 2010 Security Bulletin Release

Monday, September 13, 2010

Hi everyone, With this month’s bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem. In July of this year, the Stuxnet malware emerged onto the threat landscape and resulted in the release of an out-of-band security update, MS10-046, to address a zero-day vulnerability the malware used to compromise systems.

Read More

• Advisory
• Exploitability Index
• Malicious Software Removal Tool (MSRT)
• Microsoft Active Protections Program (MAPP)
• Microsoft Office
• Microsoft Windows
• Monthly bulletin release
• Security
• Security Advisory
• Security Bulletin
• Security Update
• Security Update Webcast

Announcing BlueHat v10: A Security Odyssey

Friday, September 10, 2010

BlueHat v10 is on the horizon and I’m happy to be able to announce the lineup. This year we’ll be hosting our annual conference on October 13-15 at the Microsoft campus here in Redmond and, with the success of last year’s con, we’re working overtime to make it the most robust, top-notch BlueHat yet.

Read More

• BlueHat Security Briefings
• Community-based Defense
• EcoStrat
• Hallway Tracks
• Mitigations
• MSRC
• MSRC Ecosystem Strategy
• Risk Assessment
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

Friday, September 10, 2010

Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP). Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation.

Read More

• 0-day
• Adobe
• EMET
• Mitigations

September 2010 Bulletin Release Advance Notification

Thursday, September 09, 2010

Hello - Today we’re releasing our Advance Notification Service (ANS) for the September Security Bulletins, which are scheduled for release Tuesday, September 14, 2010. This is a service we provide to help enterprises plan and prepare for the upcoming security bulletin release. This month we will be releasing 9 bulletins addressing 13 11 vulnerabilities affecting Windows, Internet Information Services (IIS), and Microsoft Office.

Read More

• Monthly bulletin release

The Enhanced Mitigation Experience Toolkit 2.0 is Now Available

Thursday, September 02, 2010

Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications.

Read More

• EMET
• Enhanced Mitigation Evaluation Toolkit
• Enhanced Mitigation Experience Toolkit
• Mitigations
• Security Science
• Security Tools
• Tools

An update on the DLL-preloading remote attack vector

Tuesday, August 31, 2010

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. Today we wanted to provide an update by answering several questions we have received from customers and addressing common misperceptions about the risk posed by this class of vulnerability.

Read More

• Attack Vector
• Mitigations
• Risk Asessment
• Spoofing
• Workarounds

Update on Security Advisory 2269637

Tuesday, August 31, 2010

Hi everyone, Since we released Security Advisory 2269637 on August 23, we’ve continued to conduct an investigation not only into our own affected products, but also into how we can best help to protect customers given DLL preloading also affects some third-party applications. We’d like to provide an update on our investigation.

Read More

• Security
• Security Advisory
• Vulnerability

More information about the DLL Preloading remote attack vector

Monday, August 23, 2010

Today we released Security Advisory 2269637 notifying customers of a remote attack vector to a class of vulnerabilities affecting applications that load DLL’s in an insecure manner. The root cause of this issue has been understood by developers for some time. However, last week researchers published a remote attack vector for these issues, whereas in the past, these issues were generally considered to be local and relatively low impact.

Read More

• Mitigations
• Risk Asessment
• Workarounds

Microsoft Security Advisory 2269637 Released

Saturday, August 21, 2010

Overview Today we released MicrosoftSecurity Advisory 2269637. This is different from other Microsoft Security Advisories because it’s not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new, remote vector for a well-known class of vulnerabilities, known as DLL preloading or “binary planting” attacks.

Read More

• Advisory
• Security
• Vulnerability

August 2010 Webcast and QA

Thursday, August 12, 2010

Hello, Today we published the Questions & Answers from the August 2010 Security Bulleting webcast. We answered a total of 17 questions concerning the March bulletins and open Security Advisories. No particular themes emerged from the questions but there were some good ones so please review them. The video covers the core part of the presentation Adrian Stone and I gave during the webcast.

Read More

• Security Advisory
• Security Bulletin
• Security Update
• Security Update Webcast
• Video