MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of IE8 does not allow .Net assemblies to load in the…

0

MS09-013 and MS09-014: NTLM Credential Reflection Updates for HTTP clients

This month we are taking another step towards blocking NTLM reflection attacks by releasing MS09-014 for Internet Explorer and MS09-013 for Windows. This is the third update related to NTLM credential reflection we have released, and I thought it would be good to go into a bit more detail on why this update was needed,…

0

Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

Last summer at BlackHat Vegas, Alexander Sotirov and Mark Dowd outlined several clever ways to bypass the Windows Vista defense-in-depth protection combination of DEP and ASLR in attacks targeting Internet Explorer. One approach they presented allowed attackers to use .NET framework DLL’s to allocate executable pages of memory at predictable locations within the iexplore.exe process….

0

Bulletin severity for October bulletins

Bulletin severity is an interesting topic to many blog readers.  We often hear that you think a bulletin should be rated higher or lower.  Sometimes we even hear one person suggesting a higher rating and another suggesting a lower rating for the same issue.  J  This post is not to advocate for or against the…

0

MS08-015: Protocol Handler and its Default Security Zone

MS08-015, CVE-2008-0110, addresses a vulnerability in Microsoft Outlook’s implementation of “mailto” URI handling. The attack can be launched via IE or other applications which invoke the “mailto” protocol. Applications can register pluggable protocol handlers to handle a custom Uniform Resource Locator (URL) protocol scheme. Here “mailto” is one example of the various protocol handles that…

0