Browsing Tag: Microsoft

Categories: Compliance, Podcasts

Dennis Fisher talks with Stephen Toulouse, director of policy and enforcement for Xbox Live at Microsoft, about his years at the Microsoft Security Response Center, the evolution of security at Microsoft and the joy and pain of being the bad guy on Xbox Live.

Read more...

Categories: Vulnerabilities

Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.
The most serious of the vulnerabilities addresses could lead to remote code execution complete system takeover attacks.  The September batch of patches does not address the FTP in IIS vulnerability that is currently being exploited in the wild.

Read more...

Categories: Vulnerabilities

Vendors are finally releasing patches today for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco’s IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities on Tuesday.

Read more...

Categories: Vulnerabilities

Less than a week after the publication of exploit code for a gaping hole in the FTP Service in Microsoft Internet Information Services (IIS), attackers are launching what is described as “limited attacks” against Windows users.
Microsoft has updated its security advisory to warn of the new attacks and added new mitigation workarounds for business running (IIS) 5.0, 5.1, and 6.0.

Read more...

Categories: Vulnerabilities

Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.
A security advisory from Redmond warned that the vulnerability could allow remote code execution on affected systems running the FTP service and connected to the Internet.  Read the advisory [microsoft.com]  See workaround information on the SR&D blog [technet.com]

Read more...

Categories: Vulnerabilities

There is exploit code circulating for a newly discovered vulnerability in the FTP service of Microsoft IIS, a flaw which could enable an attacker to run his own code on a remote server. The flaw mainly affects older versions of IIS, Microsoft’s Web server product, but the existence of a working exploit and the popularity of IIS make the vulnerability a serious concern.

Read more...

Categories: Compliance

From Computerworld (Gregg Keizer)
Microsoft’s plan to “sandbox” documents in the next version of Office looks like a “very good step forward,” according to one security analyst.
Last week, Microsoft revealed more details about a new security feature in Office 2010, dubbed “Protected View,” that is designed to shut down the popular hacker tactic of feeding users rigged Word, Excel and PowerPoint files.  Read the full story [computerworld.com]

Read more...