MS08-078 and the SDLhttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspxHi, Michael here. Every bug is an opportunity to learn, and the security update that fixed the data binding bug that affected Internet Explorer users is no exception. The Common Vulnerabilities and Exposures (CVE) entry for this bug is CVE-2008-4844 .en-USCommunityServer 2.1 SP1 (Build: 61025.2)Now its Firefox&#8217;s and Opera&#8217;s turn (Updated) &laquo; InfoSec Philippineshttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9245573Sun, 21 Dec 2008 18:56:35 GMT91d46819-8472-40ad-a661-2c78acb4018c:9245573Now its Firefox&#8217;s and Opera&#8217;s turn (Updated) &laquo; InfoSec Philippines<p>PingBack from <a rel="nofollow" target="_new" href="http://infosecphils.wordpress.com/2008/12/19/now-its-firefoxs-and-operas-turn/">http://infosecphils.wordpress.com/2008/12/19/now-its-firefoxs-and-operas-turn/</a></p> Microsoft explains how it missed critical IE bughttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9247963Mon, 22 Dec 2008 22:55:21 GMT91d46819-8472-40ad-a661-2c78acb4018c:9247963infoworld.com<p>Microsoft Corp.&amp;#39;s developers missed a critical bug in Internet Explorer because they weren&amp;#39;t</p> Ejemplo Practico – Cuando los testers no están capacitados… o al menos no lo suficientehttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9251879Wed, 24 Dec 2008 18:25:11 GMT91d46819-8472-40ad-a661-2c78acb4018c:9251879El Ddaz<p>Este post esta adelantado a su tiempo&amp;#160; - porque tenia que salir antes otro post - , pero la situaci&#243;n</p> re: MS08-078 and the SDLhttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9252799Fri, 26 Dec 2008 02:24:58 GMT91d46819-8472-40ad-a661-2c78acb4018c:9252799Kieran Tully<p>&quot;The fix was to check the maximum iteration count on each loop iteration rather than once before the loop&quot;</p> <p>But does this actually fix the issue or just reduce the time window in which it can be exploited? Surely the correct fix is to make the check and action atomic with respect to the array?</p> re: MS08-078 and the SDLhttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9253859Sat, 27 Dec 2008 00:04:57 GMT91d46819-8472-40ad-a661-2c78acb4018c:9253859Kieran Tully<p>Actually looking again the fix is fine; I thought the array update was happening in another thread.</p> <p>Though surely Size() is 2 at the start, so MaxIdx is 1?</p> MSDN FLASH IRELAND - INTERNATIONAL RESOURCES - 15 JANUARY 2009http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9320796Thu, 15 Jan 2009 16:21:12 GMT91d46819-8472-40ad-a661-2c78acb4018c:9320796Microsoft Ireland Blog<p>a {color : #0033CC;} a:link {color: #0033CC;} a:visited.local {color: #0033CC;} a:visited {color : #800080;}</p> One Tool Does not Rule them Allhttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9415935Fri, 13 Feb 2009 00:44:08 GMT91d46819-8472-40ad-a661-2c78acb4018c:9415935The Security Development Lifecycle<p>Hello, Michael here... Over the last couple of years, I've released information about various Microsoft</p> re: MS08-078 and the SDLhttp://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx#9471519Thu, 12 Mar 2009 13:06:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:9471519Tanveer Badar<p>I agree with Kieran on this, moving the check closer will only shorten the time window but not prevent the exploit form happening.</p> <p>Another correct fix, in addition to what Kieran suggested, would be to make a copy of array and act on it. I believe that's how CreateFile works, where it makes a copy of file name parameter before doing anything with it.</p>