Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover.
Browsing Tag: Microsoft
Dennis Fisher talks with Stephen Toulouse, director of policy and enforcement for Xbox Live at Microsoft, about his years at the Microsoft Security Response Center, the evolution of security at Microsoft and the joy and pain of being the bad guy on Xbox Live.
Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.
The most serious of the vulnerabilities addresses could lead to remote code execution complete system takeover attacks. The September batch of patches does not address the FTP in IIS vulnerability that is currently being exploited in the wild.
Vendors are finally releasing patches today for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco’s IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities on Tuesday.
Microsoft’s September batch of security updates will include fixes for a multiple “critical” vulnerabilities affecting the Windows operating system.
In all, the software maker will release five bulletins with patches for a range of flaws that could expose users to remote code execution attacks.
Less than a week after the publication of exploit code for a gaping hole in the FTP Service in Microsoft Internet Information Services (IIS), attackers are launching what is described as “limited attacks” against Windows users.
Microsoft has updated its security advisory to warn of the new attacks and added new mitigation workarounds for business running (IIS) 5.0, 5.1, and 6.0.
There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008.
Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.
A security advisory from Redmond warned that the vulnerability could allow remote code execution on affected systems running the FTP service and connected to the Internet. Read the advisory [microsoft.com] See workaround information on the SR&D blog [technet.com]
There is exploit code circulating for a newly discovered vulnerability in the FTP service of Microsoft IIS, a flaw which could enable an attacker to run his own code on a remote server. The flaw mainly affects older versions of IIS, Microsoft’s Web server product, but the existence of a working exploit and the popularity of IIS make the vulnerability a serious concern.
From Computerworld (Gregg Keizer)
Microsoft’s plan to “sandbox” documents in the next version of Office looks like a “very good step forward,” according to one security analyst.
Last week, Microsoft revealed more details about a new security feature in Office 2010, dubbed “Protected View,” that is designed to shut down the popular hacker tactic of feeding users rigged Word, Excel and PowerPoint files. Read the full story [computerworld.com]