Microsoft Security Bulletin Advance Notification for July 2011

Discussion in 'other security issues & news' started by ronjor, Jul 7, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    https://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx

    Note: See Executive Summaries within the bulletin for information.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    https://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    http://blogs.technet.com/b/msrc/
     
  4. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    Wow,

    Look at that... 14 Win32k.sys vunerabilities discovered by Tarjei. It is amazing that a multi-billion dollar company like Microsoft cannot scan ther own binaries for Null Pointer de-references and use-after-free pointers/handles.

    I love how they add: "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users."

    That statement is somewhat misleading.

    I don't really understand why researchers like ~Link removed~ about a vunerability the same day the patch is released. He gives enough details in his blog to build a working exploit. He should wait a while longer before going public with details.
     
    Last edited by a moderator: Jul 12, 2011
Loading...
Thread Status:
Not open for further replies.