23/04/2008 07:00 AM

Revision Note: April 23, 2008: Added clarification to impact of workaround for IIS 6.0 Advisory Summary:Security Advisory

23/04/2008 07:00 AM

Revision Note: April 23, 2008: Added an FAQ entry about known issues in installing the kernel update Advisory Summary:Security Advisory

21/03/2008 07:00 AM

Revision Note: Advisory published Advisory Summary:Microsoft is investigating new public reports of limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word. Customers running Windows Server 2003 Service Pack 2, Vista, and Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue. Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.

12/03/2008 07:00 AM

Revision Note: Advisory updated to reflect the correct Excel file formats in the MOICE Workarounds section. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-014 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-014. The vulnerability addressed is the Microsoft Excel Vulnerability - CVE-2008-0081.

09/01/2008 08:00 AM

Revision Note: Advisory Updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

09/05/2008 08:49 PM

Downloads and Executes Arbitrary Files Once executed, Win32/SillyDl.DUK lies dormant for 1 hour in an attempt to hide itself from the system user. The trojan then contacts the IP address 58.65.239.98 and downloads two files. SillyDl.DUK saves the files to the %My Documents% directory using randomly generated filenames, for example "008567.exe", and then executes the files. Note: %My Documents% is a variable location and refers to the location of the user's My Documents folder. Th...

09/05/2008 08:49 PM

Win32/SillyDl.EHG is a downloading trojan. Win32/SillyDl variants may be installed via Internet Explorer exploits when users visit malicious web pages; other trojan downloaders or components; or they may be packaged with software that the user has chosen to install. A downloader is a program that automatically downloads and runs and/or installs other software without the user's knowledge or...

09/05/2008 08:49 PM

Win32/SillyDl.EHH is a downloading trojan. Win32/SillyDl variants may be installed via Internet Explorer exploits when users visit malicious web pages; other trojan downloaders or components; or they may be packaged with software that the user has chosen to install. A downloader is a program that automatically downloads and runs and/or installs other software without the user's knowledge or...

09/05/2008 08:49 PM

Win32/SillyDl.EHI is a downloading trojan. Win32/SillyDl variants may be installed via Internet Explorer exploits when users visit malicious web pages; other trojan downloaders or components; or they may be packaged with software that the user has chosen to install. A downloader is a program that automatically downloads and runs and/or installs other software without the user's knowledge or...

09/05/2008 08:49 PM

Win32/SillyDl.EHJ is a downloading trojan. Win32/SillyDl variants may be installed via Internet Explorer exploits when users visit malicious web pages; other trojan downloaders or components; or they may be packaged with software that the user has chosen to install. A downloader is a program that automatically downloads and runs and/or installs other software without the user's knowledge or...

09/05/2008 08:26 PM

Capitol Hill politicos aren't alone in considering new antipiracy mandates for schools. Tennessee just passed the first such law, and universities are bracing for other states to follow.

09/05/2008 08:02 PM

The potential for U.S. solar energy looks bright, but what hurdles are standing in the way of its broad adoption?

09/05/2008 07:58 PM

EarthLink is supposedly threatening to shut down Philadelphia's citywide Wi-Fi network as it negotiates a way out of its 10-year contract to build and run the network.

09/05/2008 07:42 PM

The social network seems ready to let users go past its traditional limit on friends, even though few have come close to that level.

09/05/2008 07:37 PM

Satellite images from NASA track a cyclone and the flooding it caused--which may end up killing more than 100,000 residents of Myanmar.

09/05/2008 08:49 PM

Adware

09/05/2008 08:49 PM

09/05/2008 08:49 PM

09/05/2008 08:49 PM

09/05/2008 08:49 PM