Microsoft’s Web site, which is full of great information, is an unusually large fire hose to drink from. However, today Dr. Johannes Ullrich at SANS pointed out one great, tightly focused piece on Microsoft’s “Security Research & Defense” TechNet blog: a chart breaking down the top outstanding security issues with Microsoft’s products. It also lists workarounds.
Issues addressed are:
— Internet Explorer 6/7/8 vulnerability in recursive style sheet importing. (CVE-2010-3971)
— Windows graphics rendering engine vulnerability in parsing BMP thumbnails embedded within an OLESS document container. (CVE-2010-3970)
— IIS 7.0 and 7.5 FTP service vulnerability in encoding Telnet IAC (Interpret As Command) characters in the FTP response.
— A publicly released Internet Explorer fuzzer capable of triggering Internet Explorer crashes.
— WMI Administrative Tools ActiveX control vulnerability.
Thank you, Jonathan Ness of MSRC Engineering, for being so concise.