Microsoft: Latest Security Advisories

Microsoft Security Advisory (977544): Vulnerabilities in SMB Could Allow Denial of Service - 11/13/2009

Revision Note: V1.0 (November 13, 2009): Advisory published. Advisory Summary: Microsoft is investigating new public reports of a possible denial of service vulnerability in the Server Message Block (SMB) protocol. This vulnerability cannot be used to take control of or install malicious software on a user’s system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time.

Microsoft Security Advisory (975497): Vulnerabilities in SMB Could Allow Remote Code Execution - 9/8/2009

Revision Note: V1.0 (September 8, 2009): Advisory published. Advisory Summary: Security Advisory

Microsoft Security Advisory (975191): Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution - 9/1/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is investigating new public reports of a vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, and Microsoft Internet Information Services (IIS) 6.0. The vulnerability could allow remote code execution on affected systems that are running the FTP service and are connected to the Internet.

Microsoft Security Advisory (973811): Extended Protection for Authentication - 8/11/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution - 7/28/2009

Revision Note: V1.0 (July 28, 2009): Advisory published. Advisory Summary: Security Advisory

Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution - 7/13/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - 7/6/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure - 6/9/2009

Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin MS09-008 and Microsoft Security Advisory 971888. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. For more information about this issue, including download links for an available security update, please review MS09-008 and Microsoft Security Advisory 971888.

Microsoft Security Advisory (971888): Update for DNS Devolution - 6/9/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.

Microsoft Security Advisory (969898): Update Rollup for ActiveX Kill Bits - 6/9/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.