MS08-036: PGM? What is PGM?

This morning we released MS08-036 to fix two denial-of-service vulnerabilities in the Windows implementation of the Pragmatic General Multicast (PGM) protocol (RFC 3208).  You probably have never heard of PGM.  Only one engineer on our team had ever heard of it and he previously worked as a tester on the core network components team.  PGM…

0

MS07-063 - The case of the insecure signature

MS07-063 addresses a weakness in the SMBv2 message signing algorithm. SMB signing is a feature enabled by default on domain controllers to prevent man-in-the-middle attacks. As you can imagine, if an attacker on your local subnet can tamper with the SMB network traffic between your domain controller and domain-joined clients, they can cause all kind…

2