Truth but defeated ! Microsoft has built clickjack protection in its new browser IE8 Security patches are about to be released and are under development for IE8 Statistics speaks IE8 will be the target.But Microsoft should overcome the upgraded codes for this security vulneribility in near future. PS: Post the same under suggestions for Microsoft.

JWL wrote: Error: 80072EFD = ERROR_INTERNET_CANNOT_CONNECT Translation: Cannot connect to the Internet server There’s a possibility that either a 3rd party firewall, anti-spyware program, web accelerator, Internet security/antivirus program and/or a proxy server is interfering with the Windows Update Services (SVCHOST) accessing

Acresso has published a fix for a security issue in FLEXnet Connect (previously called InstallShield Update Service) that was reported in September 2008. The problem was that FLEXnet connect used an unauthenticated HTTP connection to download and execute scripts from the update server.

Severity Rating: Critical - Revision Note: V1.1 (February 16, 2009): Added a link to Microsoft Knowledge Base Article 961260 under Known Issues in the Executive Summary.Summary: This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Severity Rating: Critical - Revision Note: V2.0 (February 16, 2009): Added the Microsoft Exchange Server MAPI Client as affected software. Also, added several entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, relating to updating the MAPI Client and the Exchange System Management tools

Microsoft and other security firms are warning that IE could be soon exploited based on reserved engineering techniques used by malware writers.  It’s important to apply these security updates expediently to ensure protection . Microsoft Security Updates - February 2009 http://www.microsoft.com/technet/security/bulletin/ms09-Feb.mspx http://isc.sans.org/diary.html?storyid=5836 http://www.f-secure.com/weblog/archives/00001604.html   Microsoft have released details of this month’s patches as part of February “Patch Tuesday”. The 4 patches that have been released are as follows: Critical: MS09-002 - Cumulative Security Update for Internet Explorer (961260) Affects: Internet Explorer 7 Link: http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx MS09-003 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) Affects: Microsoft Exchange Server 2000/2003/2007 Link: http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx Important: MS09-004 - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) Affects: SQL Server 2000/2005 (Inc Desktop/Express Editions) Link: http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx MS09-005 - Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) Affects: Visio 2002/2003/2007 Link: http://www.microsoft.com/technet/security/bulletin/MS09-005.mspx

… MS09-002 - Cumulative Security Update for Internet Explorer (961260) MS09-0 ..

Issued: February 11, 2009 Summary The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details.

I just saw that the folks over on the MSRC blog just posted the info for the February security bulleting release.

I just saw that the folks over on the MSRC blog just posted the info for the February security bulleting release.

When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has helped to provide improvement and provide some stats on that.  This year, I decided to try and do this monthly to make it easier for me that when I do it all at once. Once I started doing it, I realized that it might be interesting to share it.  This is my first draft, so format may evolve over time.  I hope you find this information useful. First, here is a summary of the 3 vulnerabilities addressed in January, which were addressed in a single update (MS09-001)

Microsoft Security Bulletin MS09-004 – Important.