
January 19, 2012


Listed below are links to weblogs that reference Microsoft Anti-XSS Library Bypass (MS12-007):

Comments

Dotnetchris

The blog post seems more to be about spreading FUD about Microsoft than actually addressing the issue. You blog about a known security flaw that was already patched nearly 2 weeks ago.

http://technet.microsoft.com/en-us/security/bulletin/ms12-007

Microsoft has clearly already published this issue along with the 4.2 version of Anti-XSS that closes this security vulnerability.

Where is your link to the fix?

AppSecInsider

@Dotnetchris - have you bothered to look in the "Acknowledgments" section of the Microsoft security bulletin? It was *our team* that disclosed this to Microsoft. We then waited for Microsoft to patch this issue, and only then published the full details of the issue. That's called responsible disclosure. There's no FUD here, just technical details.
