|
Microsoft Advisories
|
Tuesday, 09 June 2009
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-020. The vulnerability addressed is the IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability - CVE-2009-1535. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Moderate - Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not installed on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Critical - Revision Note: V2.0 (June 9, 2009): Bulletin rereleased to provide security update packages for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5, and Microsoft Works 9. Customers who currently have this software installed need to apply this update immediately.Summary: This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Critical - Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin MS09-008 and Microsoft Security Advisory 971888.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. For more information about this issue, including download links for an available security update, please review MS09-008 and Microsoft Security Advisory 971888. The vulnerabilities addressed are the WPAD server registration vulnerabilities in WINS and DNS - CVE-2009-0094 and CVE-2009-0093. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Revision Note: Advisory published.Summary: Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels , such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary. |
|
Read more...
|
|
|
Microsoft Advisories
|
Tuesday, 09 June 2009
Severity Rating: Critical - Revision Note: Bulletin published.Summary: This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
|
Read more...
|
|
|
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
|
| Results 11 - 20 of 230 |
VoIP (Voice over IP) allows the integration of your data network and voice communication through a single medium, sending voice over your IP network (through LAN/WAN/Internet). 
Vendor Advisories 