Monday, August 20, 2012
Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this scenario are advised to review the guidance described in the advisory to help protect themselves.
Monday, August 20, 2012
MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol and is described in RFC2759. A recent presentation by Moxie Marlinspike [1] has revealed a breakthrough which reduces the security of MS-CHAPv2 to a single DES encryption (2^56) regardless of the password length. Today, we published Security Advisory 2743314 with recommendations to mitigate the effects of this issue.
Monday, August 20, 2012
2012 年 8 月 21 日、セキュリティ アドバイザリ 2743314 カプセル化されていない MS-CHAP v2 認証により、情報漏えいが起こる を公
Friday, August 17, 2012
Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after the webcast.
Tuesday, August 14, 2012
皆さん、こんにちは! 先ほど 8 月のマイクロソフト ワンポイント セキュリティ情報を公開しました。 本日 8 月 15
Tuesday, August 14, 2012
Today we released nine security bulletins addressing 26 CVE’s (13 Microsoft and 13 Oracle CVE’s). Five of the bulletins have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Tuesday, August 14, 2012
Security Advisory 2661254 - Update For Minimum Certificate Key Length Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking about this subject since June, and today we are announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length with Security Advisory 2661254.
Tuesday, August 14, 2012
We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The most severe of these issues, CVE-2012-1851, is a format string vulnerability in the printer spooler service while handling a response message and is a wormable-class vulnerability on Windows XP and Windows Server 2003.
Tuesday, August 14, 2012
Today we released MS12-060, addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority updates for this month for two reasons: we are aware of very limited, targeted attacks taking advantage of CVE-2012-1856 and we expect to see new attacks taking advantage of this vulnerability in days ahead.
Monday, August 13, 2012
以前より本ブログでもご案内していました証明書の鍵長に関する更新を、本日、セキュリティ アドバイザリ 2661254 と
