Microsoft Security Advisory (971888): Update for DNS Devolution – Version: 1.0
Revision Note: Advisory published.
Summary: Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels , such as “contoso.co.us”, or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization’s boundary.
Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure – Version: 2.0
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin MS09-008 and Microsoft Security Advisory 971888.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. For more information about this issue, including download links for an available security update, please review MS09-008 and Microsoft Security Advisory 971888. The vulnerabilities addressed are the WPAD server registration vulnerabilities in WINS and DNS – CVE-2009-0094 and CVE-2009-0093.
Microsoft Security Advisory (971492): Vulnerability in Internet Information Services Could Allow Elevation of Privilege – Version: 2.0
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-020. The vulnerability addressed is the IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability – CVE-2009-1535.
Microsoft Security Advisory (956391): Update Rollup for ActiveX Kill Bits – Version: 1.3
Revision Note: V1.3 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032.
Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Greetings from Barcelona
This week I am in Barcelona, where the Virus Bulletin conference is taking place. I will be attending some preVB meetings, such as the AVPD (AntiVirus Product Developers) hosted by ICSA Labs and the WildList meeting, where we’ll talk about some future plans. All the meetings and the conference itself will take place at the [...]—
read the article