-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft Visual Studio Masked Edit Control "Mask" Buffer Overflow
,----[ Quote ]
| Secunia Advisory: SA31498
| Release Date: 2008-08-14
| Critical: Highly critical
`----
http://secunia.com/advisories/31498/
Palo Alto Networks Discovers Two Vulnerabilities in This Week's Microsoft
Security Bulletin
,----[ Quote ]
| Palo Alto Networks today announced that its Threat Research Team discovered
| two of the 11 vulnerabilities discovered in Microsoft's Patch Tuesday
| security bulletin this week.
`----
http://www.marketwatch.com/news/story/palo-alto-networks-discovers-two/story.aspx?guid=%7B28C59158-542D-4728-8844-5292FCA3B0E6%7D&dist=hppr
Massive number of flaws this past Tuesday. And these are just the ones
Microsoft talks about...
Recent:
Bypassing Microsoft Vista's Memory Protection
,----[ Quote ]
| This is huge...
`----
http://www.schneier.com/blog/archives/2008/08/bypassing_micro.html
Related:
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkil+uAACgkQU4xAY3RXLo5KhgCfTC3JAjg7BzVnWgKr7z+26/Y4
184An0r80r+gefhXuc2k/I54N/JYW5V4
=Hwzx
-----END PGP SIGNATURE-----
|
|
