The authors will periodically post Microsoft
security items of note on this page (older items are in the Archive).
2008
02/27/08 - How Safe Are Your Private Pictures on the Net?
Co-author Joel Scambray was interviewed on Fox News Los Angeles television
about web site security at services like Flickr, TinyPic, and Photobucket, where
supposedly private videos and pictures have become exposed on the Internet.
2007
11/26/07 - Hackers will feed on Vista in 2008
As Windows Vista gains in adoption, experts expect malware authors to
increasingly focus their attention on finding vulnerabilities in the operating
system and altering their social engineering techniques to accommodate
it.
11/26/07 - Microsoft Working to Close Web Proxy Vulnerability
Microsoft announced it is working to fix an eight-year-old flaw in Windows
that lets hackers exploit a Web proxy auto-configuration protocol to take
over groups of machines with a single attack.
11/21/07 - Random Number Generator Flaw Found in Windows XP
Microsoft has confirmed that Windows XP has the same random number generator
flaw that researchers recently discovered in Windows 2000. Windows Vista,
Windows Server 2003 and Windows Server 2008 do not have the flaw.
11/17/07 - Patched Microsoft DNS Bug Has Existed a Long Time
The DNS cache poisoning bug stems from a flaw that has been known to researchers
for 10 years or more, according to two security firms. In related news,
"Security Concerns Cause Shift from Windows DNS Server to BIND 9."
2006
08/02/06 - Vista kernel security bypass revealed at Black Hat
In her presentation entitled "Subverting Vista Kernel For Fun And Profit,"
rootkit researcher Joanna Rutkowska described a technique for inserting
arbitrary code into the latest Vista Beta 2 kernel (x64 edition), effectively
bypassing Vista's feature that allows only digitally signed code to be loaded
into the kernel. The technique involved using administrator privileges to
insert a new driver into the system page file, which is then loaded dynamically
into memory (thus not requiring a reboot). Proposed mitigations include
encrypting the page file or disabling paging of kernel memory. Both entail
drawbacks that may make them prohibitive in commercial applications. Rutkowska
also presented her "Blue Pill" technique for moving a running operating system
into a virtual machine using AMD's Pacifica technology.
06/29/06 - Microsoft Security guidance updates released
Microsoft released updates to five previously released security guides,
including the Security Risk Management Guide v1.2, Windows NT4.0 and Windows 98
Threat Mitigation Guide v1.1, Windows XP Security Guide v2.2, Windows Server
2003 Security Guide v2.1, and Microsoft Identity and Access Management Series
v1.4.
06/28/06 - "Blue Pill" rootkit technique hides malware
Well-known malware researcher Joanna Rutkowska publicly discloses information
about using the AMD64 Secure Virtual Machine (SVM)/Pacifica instruction
set to submerge a running operating system under the control of a hypervisor,
on-the-fly (no reboot required). She hypothesizes that this technique
could be a super-stealth mechanism to hide malware. Rutkowska also alluded
to a new technique for loading arbitrary code into the Vista kernel, bypassing
cryptographic signing requirements.
06/12/06 - Address Space Layout Randomization to ship in Vista
Windows Vista will apparently ship with a new feature called Address Space
Layout Randomization (ASLR) that randomizes memory locations to prevent
buffer overflow exploitation. Michael Howard's blog has some
implementation details, and
this Wikipedia article links to some other implementations.
(Archive...)