Today we released MS08-039 which addressed several XSS vulnerabilities in Microsoft Exchange’s Outlook Web Access component. While this is an update to be applied to the Exchange server, the clients who use OWA are the computers potentially at risk. We…
We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry. Increasing the entropy makes it more difficult for attackers to spoof DNS replies…
Today we released MS08-040 to patch several vulnerabilities in the SQL Server Database Engine; one of them involves the SQL Server backup file format. The format is also known as MTF (Microsoft Tape Format). The vulnerability requires an attacker to be…
