PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
Posts Tagged ‘Microsoft’
Microsoft releases SDL tool
Microsoft on Tuesday released a free tool to help application developers better secure their programs. The SDL (Secure Development Lifecycle) Process Template for Visual Studio Team System provides a framework — including auditable requirements — for building security into applications. The offering complements previous Microsoft SDL releases: Optimization Model, Pro Network [...]
Microsoft validates web server vulnerability
Microsoft on Tuesday confirmed the presence of a privilege-escalation vulnerability in its Internet Information Services web server — but said no exploits are underway. URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/MRQDeMPNzOQ/
Microsoft Internet Information Services (IIS) Elevation of Privilege Vulnerability
Summary: Fortinet’s FortiGuard Global Security Research Team investigates an elevation of privilege vulnerability in Microsoft Internet Information Services (IIS). Impact: Elevation of privilege. Affected Software: Microsoft Internet Information Services 5.0; Microsoft Internet Information Services 5.1; Microsoft Internet Information Services 6.0. Solutions: The FortiGuard Global Security Research [...]
ShouldIBackupMy.com – A project for Open Hack 2009
Last week I attended Open Hack 2009, an event hosted by Yahoo in which participants are encouraged to create applications (hacks) in 24 hours ideally using their APIs or libraries. During the last two Hack Days at which Yahoo was one of the main sponsors I never [...]
IIS 6 attack could let hackers snoop on servers
Security vendors are warning users of Microsoft’s Internet Information Services 6 Web-server software that a new online attack could put their data at risk. The flaw was made public Thursday, when security researcher Nikolaos Rangos posted details of the vulnerability to the Full Disclosure security mailing [...]
New Microsoft IIS flaw
A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that “adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS.” The vulnerability [...]
Vulnerability in Internet Information Services Could Allow Elevation of Privilege – 5/18/2009
Microsoft Security Advisory (971492): Vulnerability in Internet Information Services Could Allow Elevation of Privilege – 5/18/2009. Revision Note: Security Advisory published. Advisory Summary: Microsoft is investigating new public reports of a possible vulnerability in Microsoft Internet Information Services (IIS). An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP [...]
PDF Flaw Patched — But Does Anybody Know?
As expected, Adobe patched a zero-day vulnerability in its popular Adobe Reader software last week, marking the second time in three months that it delivered an update on the same day Microsoft issued its monthly fixes. But while Microsoft’s PowerPoint patch received lots of attention, the Adobe [...]
New Microsoft Office 2010 test build leaks
Microsoft officials said last week that the company would release a new test build of its Office 2010 suite in July. But it looks like some testers got it at the end of this week and subsequently leaked it to the Web. The build that leaked is not [...]
IIS6.0 WebDav Remote Auth Bypass, (Fri, May 15th)
If you’re in the security business long enough, this one will sound extremely familiar: Apparently, adding certain Unicode characters to an URL makes it possible to bypass authentication in Microsoft IIS6 with WebDav and access or even upload files in folders which are supposed to be password [...]
Microsoft criticised by SANS for releasing vulnerability details
Microsoft’s advance notifications of patching are putting Mac users at risk. Speaking to Computer World, Swa Frantzen, an analyst at SANS Institute’s Internet Storm Center, criticised Microsoft for issuing patches that fix the Windows versions of PowerPoint while announcing that patches for the same flaws in the [...]
Hackers ‘destroy’ flight sim site
Flight simulator site Avsim has been “destroyed” by malicious hackers. The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft’s Flight Simulator. The attack took down the site’s two servers and the owners had not established an external backup system. The [...]
Microsoft PowerPoint Sound Data (CVE-2009-0223) Remote Code Execution Vulnerability
URL: http://www.securityfocus.com/bid/34834
Pirated Windows 7 Builds Botnet with Trojan
Security researchers at Damballa report shutting down the command and control server of a botnet built by a Trojan bundled with pirated copies of Windows 7 RC. The Trojan is believed to have infected thousands of users. Attackers pushing pirated, malware-laced copies of Microsoft’s upcoming Windows 7 operating [...]