aslr

  1. two exploits sharing one concept …

    at first it seems these are two entirely different exploits. digging a bit deeper … they both share one ultimate concept … subjugating the hardware (core/chip), rather than the os's software. if i understand correctly … the first one even bypasses the os...
  2. MS15-053 - Important: Vulnerabilities in JScript and VBScript Scripting Engines Could Allow...

    Severity Rating: Important Revision Note: V1.0 (May 12, 2015): Bulletin published. Summary: This security update resolves ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use an ASLR bypass in conjunction with another...
  3. MS15-053 - Important: Vulnerabilities in JScript and VBScript Scripting Engines Could Allow...

    Severity Rating: Important Revision Note: V1.0 (May 12, 2015): Bulletin published. Summary: This security update resolves ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use an ASLR bypass in conjunction with another...
  4. MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information...

    Severity Rating: Important Revision Note: V1.0 (December 9, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted...
  5. MS14-046 - Important: Vulnerability in .NET Framework Could Allow Security Feature Bypass...

    Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a...
  6. MS14-047 - Important: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668) -...

    Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with...
  7. MS14-046 - Important: Vulnerability in .NET Framework Could Allow Security Feature Bypass...

    Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a...
  8. The March 2014 Security Updates

    This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While...
  9. MS13-106 - Important : Vulnerability in a Microsoft Office Shared Component Could Allow...

    Severity Rating: Important Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a...
  10. An update is available for the ASLR feature in Windows 7 or in Windows Server 2008 R2

    More...
  11. An update is available for the ASLR feature in Windows 7 or in Windows Server 2008 R2

    Describes an update that adds the ForceASLR feature to the Address Space Layout Randomization (ASLR) feature in Windows 7 or in Windows Server 2008 R2. More...
  12. An update is available for the ASLR feature in Windows 7

    Describes an update that adds the ForceASLR feature to the Address Space Layout Randomization (ASLR) feature in Windows 7. More...
  13. A guide to exploit mitigations and the July 2011 security bulletin release

    Hello all -- Over the years we’ve often talked about exploit mitigations – DEP, ASLR, SEHOP and so forth – as effective tools for improving computer security, reducing risk, preventing attacks, and minimizing operational disruption. Today we’re releasing a user’s...
  14. Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

    If you’ve been using Google Chrome and feeling smug that you’re browser is immune to being attacked, think again. Link Removed due to 404 Error
  15. December 2010 Advance Notification Service is released

    Hi everyone. Mike Reavey from the MSRC here. Today we're releasing our Link Removed due to 404 Error for the December 2010 security bulletin release. As we do every month, we've given information about the coming December release and provided links to detailed information so you can plan your...
  16. Windows 7 What to make of the hacker who broke IE8 in two minutes

    Link Removed Some of you might have seen today's story by Gregg Keizer of our sister publication Computerworld headlined "Link Removed due to 404 Error" and may have asked the same question I asked. Two minutes? Dutch hacker Peter Vreugdenhil broke into the current edition of the Web browser...
  17. Windows 7 Paid Hacker Busts IE8 On Windows 7 In Two Minutes......

    March 25, 2010 (Dutch researcher explains his strategy for outwitting Microsoft defense mechanisms to win $ 10,000) Peter Vreugdenhil of the Netherlands bypasses DEP & ASLER to bring down Microsoft's Browser. And another German Researcher who wouldn't give his full name, called Nils found a...
  18. Windows Vista New Security Patch For Opera 10 & 10.5

    March 9, 2010 Opera confirms " highly critical" browser bug in "Windows Versions of Opera 10 and 10.5. According to "Scunins Report" theoretically the flaw could be used to corrupt memory, crash Opera and execute attack code. In an 64 environment the bug would crash Opera, in a 32 , memory...
  19. Windows 7 Pros and Cons of Windows 7 Security

    Link Removed The recently released Microsoft Security Intelligence Report highlights the vast improvements in security from Windows XP to Windows 7. Even so, no operating system is perfect. I asked security experts what they think about Windows 7 security and came up with a list of what...