MSRC

Killbit

MSVIDCTL (MS09-032) and the ATL vulnerability

Tuesday, July 28, 2009

Today we have released Security Advisory 973882 that describes vulnerabilities in the Microsoft Active Template Library (ATL), as well as security updates for Internet Explorer (MS09-034) and Visual Studio (MS09-035). The Visual Studio update addresses several vulnerabilities in the public versions of the ATL headers and libraries. The IE update contains two defense-in-depth mitigations to help prevent exploitation of the ATL vulnerabilities described in Security Advisory 973882 and MS09-035 (the IE update also contains additional security fixes that are not related to the ATL issue).

Overview of the out-of-band release

Tuesday, July 28, 2009

Today we released Security Advisory 973882 and with it, two out-of-band security bulletins. These updates are MS09-034 (an Internet Explorer update) and MS09-035 (a Visual Studio update). At this time, for customers who have applied MS09-032, we are not aware of any “in the wild” exploits that leverage the vulnerabilities documented in 973882 and MS09-035.

Security Bulletin Webcast Video, Questions and Answers – July 2009

Wednesday, July 15, 2009

Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?”

More information about the Office Web Components ActiveX vulnerability

Monday, July 13, 2009

We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). Microsoft has released an advisory with further information available here. What’s the attacking vector? This vulnerability could be used for remote code execution in a “browse and get owned” scenario.

Questions about Timing and Microsoft Security Advisory 972890

Thursday, July 09, 2009

Hi everyone, Mike Reavey here. You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890. We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.

New vulnerability in quartz.dll Quicktime parsing

Thursday, May 28, 2009

Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? Why is this a high risk vulnerability?

Bulletin severity for October bulletins

Tuesday, October 14, 2008

Bulletin severity is an interesting topic to many blog readers. We often hear that you think a bulletin should be rated higher or lower. Sometimes we even hear one person suggesting a higher rating and another suggesting a lower rating for the same issue. This post is not to advocate for or against the MSRC rating system but we’d just like you to understand what we were thinking for each bulletin.

MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control

Tuesday, August 12, 2008

MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first heard about this vulnerability from customers sending in reports of active attacks.

MS08-050 : Locking an ActiveX control to specific applications.

Tuesday, August 12, 2008

MS08-050 concerns an ActiveX control that can be maliciously scripted to leak out personal information such as email addresses. There appeared to be no need for the control to have this behaviour so giving it a Kill-Bit seemed the correct approach to take. During the extensive testing that each security update undergoes, however, it became apparent that the Kill-Bit wasn’t ideal as it partially broke the Remote Assistance application.