Information regarding MD5 collisions problem

Today Microsoft released a security advisory (961509) regarding collisions in MD5 hashes on certificates. This specific problem affects the entire industry and is not a Microsoft specific vulnerability. Serious weaknesses in MD5 have been known for many years now; it is because of these weaknesses that MD5 is banned in new code under the Microsoft…

0

Windows Media Player crash not exploitable for code execution

On Christmas Day, the MSRC opened a case tracking a Bugtraq-posted POC describing a “malformed WAV,SND,MID file which can lead to a remote integer overflow”. By Saturday evening, we saw reputable internet sources claiming this bug could lead to executing arbitrary code on the system. We investigated right away and found that this bug cannot…

0

More information about the SQL stored procedure vulnerability

Security Advisory 961040 provides mitigations and workarounds for a newly-public post-authentication heap buffer overrun in SQL Server, MSDE, and SQL Express. This blog post goes into more detail about the attack surface for each affected version and the overall risk from this vulnerability. As listed in the advisory, the following products have the vulnerable code:…

0

Clarification on the various workarounds from the recent IE advisory

Today Microsoft revised the Workarounds section of Security Advisory 961051. We wanted to share more detail about the vulnerability and explain the additional workarounds here to help you protect your computers. Information about the vulnerability The vulnerability is caused by memory corruption resulting from the way Internet Explorer handles DHTML Data Bindings. This affects all currently supported…

0

MS08-076: Windows Media Components: Part 2 of 2

In this part, we would like to talk more about CVE-2008-3010: ISATAP vulnerability in Windows Media components. As described in the bulletin MS08-076, Windows Media components (Windows Media Player, Windows Media Format Runtime, and Windows Media Services) treat an ISATAP server address as an intranet zone address, and thus may leak NTLM credentials.   There…

0

MS08-076: Windows Media Components: Part 1 of 2

Today we released MS08-076, which addresses two flaws in the Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. Viewed separately, the issues are not that severe and the aggregate severity rating is Important at most. However, if the two issues are combined the impact can be quite severe, with…

0

MS08-075: Reducing attack surface by turning off protocol handlers

Today Microsoft released a security update, MS08-075, that fixes a vulnerability in Windows Explorer in Vista and Server 2008 that was exposed through the search-ms protocol handler.  This is a remote unauthenticated vulnerability that requires user interaction, so we wanted to give you a bit more information about protocol handlers and how you can reduce…

0

MS08-068: SMB credential reflection defense

Today Microsoft released a security update, MS08-068, which addresses an NTLM reflection vulnerability in the SMB protocol. The vulnerability is rated Important on most operating systems, except Vista and Windows Server 2008 where it has a rating of Moderate. This blog post is intended to explain why the issue is less severe on Vista and…

0

Most common questions that we’ve been asked regarding MS08-067

Since the release we have received several great questions regarding MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx), thus we decided to compile answers for them. We still want to encourage everyone to apply the update.   Can the vulnerability be reached through RPC over HTTP? No, the vulnerability cannot be reached through RPC over HTTP. RPC over HTTP is an…

0

More detail about MS08-067, the out-of-band netapi32.dll security update

Today Microsoft released a security update that fixes a remote code execution vulnerability in the Windows Server Service. This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released the fix “out of band” (not on the regular…

0