The Microsoft Security Response Center (MSRC) Updated : Update on Security Advisory 2269637 Hi everyone, Since we released Security Advisory 2269637 on August 23, we've continued to conduct an investigation not only into our own affected products, but also into how we can best help to protect customers given DLL preloading also affects some third-party applications. We'd like to provide an update on our investigation. First, I want to be clear that Microsoft plans to address those of our products affected by this issue in the most appropriate way for customers. This will primarily be i... Publ.Date : Tue, 31 Aug 2010 21:00:00 GMT Microsoft Security Advisory 2269637 Released Overview Today we released Microsoft Security Advisory 2269637. This is different from other Microsoft Security Advisories because it's not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new, remote vector for a well-known class of vulnerabilities, known as DLL preloading or "binary planting" attacks.  We are currently conducting a thorough investigation into how this new vector may a... Publ.Date : Sun, 22 Aug 2010 06:03:00 GMT August 2010 Webcast and QA Hello, Today we published the Questions & Answers from the August 2010 Security Bulleting webcast. We answered a total of 17 questions concerning the March bulletins and open Security Advisories. No particular themes emerged from the questions but there were some good ones so please review them. The video covers the core part of the presentation Adrian Stone and I gave during the webcast. We talk about the 14 bulletins for August and Security Advisory 2264072. Please join us for our next sc... Publ.Date : Thu, 12 Aug 2010 17:17:00 GMT Update on the publicly disclosed Win32k.sys EoP Vulnerability Hi everyone, Yesterday we tweeted to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time. Today we have more information, as well as a planned course of action. While most in the industry reported this as a low-severity vulnerability, it generated quite a bit of attent... Publ.Date : Tue, 10 Aug 2010 22:35:00 GMT August 2010 Security Bulletin Release Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: MS10-052 This bulletin resolves a privately reported vulnerability in Microsoft's MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted... Publ.Date : Tue, 10 Aug 2010 16:42:00 GMT RSS feeds Increase Web Traffic