Excellent new article up on TechNet by Jeff Jones explaining the Microsoft security response process:

Once a potential issue is reported to Microsoft, either privately or publicly, our team immediately begins an investigation to reproduce and verify the reported issue and to identify any associated or variant issues. Historically, only about 1 out of 10 reported issues turns out to be a new and unique security issue that warrants opening an investigation, while the other 9 fall into categories of known issues, non-security issues, or errors.

Slashdot linked to a Hacker Hall of Fame on The Learning Channel's Web site earlier this week. I see that this page is part of a larger page for the show Hackers: Outlaws and Angles. There's a ton of great information there if you're into computer security.

 

Peter Huene discusses the Visual C++ project system in this information-packed posting:

Exploring the Visual C++ Project Object Model : Properties (part I)

For my first product-related post, I want to talk a little about the VC++ project system and properties (relative to versions 2002 and 2003).  By “properties” I mean the project settings you specify in the project properties dialog.  So how does what you set in the project properties dialog relate to the Visual C++ Project System Object Model? 

We released three new security bulletins today:

ASN .1 Vulnerability Could Allow Code Execution (828028): MS04-007

Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352): MS04-006

Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150): MS04-005

The two Windows updates are available through Windows Update. You can download the Virtual PC for Mac updates from the MS04-005 bulletin. MS04-007 is pretty nasty, so get your machines patched right away.
This posting is provided "AS IS" with no warranties, and confers no rights.

We updated the Mydoom virus page today with information about Mydoom.C (a.k.a. DoomJuice.A) You can get the details here.

We also updated the MyDoom (A,B) and DoomJuice.A Worm Removal Tool. Here's some information about that:

This tool will help to remove the MyDoom.A, MyDoom.B, and DoomJuice.A (aka "MyDoom.C") worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the MyDoom.B worm, the tool will also provide the user with the default version of the hosts file and set the "read-only" attribute for that file. This action will allow the user to visit previously-blocked Microsoft and antivirus websites.

I often find myself describing to people at work (Microsoft) what developer centers we have on MSDN. I think its important to occasionally let people know that these exist and what's available for developers. The MSDN Developer Centers page descibes the key developer centers and their purpose:

Developer Centers are locations on MSDN that aggregate all the content and resources that you need to be successful around a particular product, technology, audience or geography. They provide a clear roadmap and a means to help you more directly in strategic areas.

I use this page to hit the various developer centers all the time. Many of the people in my Friends list on my blog page are Content Strategists for MSDN. I'm the Content Strategist for the Security and the Visual C++ Developer Centers.

I heard about this earlier today and I meant to post about it but I forgot. I was reminded again on Slashdot. You can read the NGSSoftware advisory here.

By crafting malformed .RP, .RT, .RAM, .RPM & .SMIL files it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player. By forcing a browser to a website containing such a file, code could be exectued on the target machine running in the context of the logged on user, alternatively the end user would be required to open the attachment (except in the case of the .RPM file)

If you run Real player, be sure to update your installation. Real has posted updates here.

Russell Beattie analyzes the current smartphone market and he says he even got to play with a Windows Smartphone. Here's his take on that:

And speaking of the other OSes, let me tell you that I finally got to fondle a Windows Mobile Smartphone for a few minutes the other day and it was surprisingly good. Actually, it was amazingly good. Compelling, easy to use, quick menus, all the functionality that I would expect (and more). As someone who (regretfully) uses Windows on a daily basis, I was completely at home with the UI and icons, etc. Seeing the Internet Explorer icon was obviously where I would browse the web. The MSN Messenger icon showed me I could chat, the File manager was clean, the back button worked intelligently and clearly, the home screen with the organized PIM info was incredibly useful.

Lest you take him out of context, please read the whole piece. Russell is a Java developer and he's not a Microsoft fan to say the least, but he's consistently insightful and entertaining.

Jason points out a new Solution Guide they developed for Unix/Windows auth. I may headline this on the Security Developer Center when I get a chance.

Solution Guide for Windows Security and Directory Services for UNIX
Using Active Directory and Kerberos for authentication and identity store in a heterogeneous UNIX and Windows IT environment.

A heavily disclaimed, yet tasty posting form Andy Pennell on How to Not Step Into Functions using the Visual C++ Debugger

Ever stepped into a function you didn’t want to? Like an ATL or MFC CString constructor for example? Or a conversion operator you are really not interested in? Well there is a way to tell the Visual Studio debugger to never, ever step into a particular function. This is not a documented option, but the information is available in newgroups...