MSRC

Month Archives: April 2013

Defending Websites from XSS attacks with ModSecurity 2.7.3 and OWASP Core Rule Set 2.2.7

Sunday, April 28, 2013

Even though cross-site scripting vulnerabilities have a 15-year history, they remain a big problem in the web security space. According to our research, there are hundreds of new issues discovered each month, and at least a few of them are being used in high-severity attacks. The general problem of cross-site scripting has no easy solution.

New update available for MS13-036

Tuesday, April 23, 2013

Today we released a new update to replace KB2823324, which was originally made available through MS13-036. As we previously discussed, we stopped distributing this update when we learned some customers were having issues. The new update, KB2840149, still addresses the Moderate security issue described in MS13-036, and should not cause these issues.

Introducing EMET v4 Beta

Thursday, April 18, 2013

Great news! Today we are proud to announce a beta release of the next version of the Enhanced Mitigation Experience Toolkit (EMET) – EMET 4.0. Download it here: http://www.microsoft.com/en-us/download/details.aspx?id=38761. EMET is a free utility that helps prevent memory corruption vulnerabilities in software from being successfully exploited for code execution. It does so by opting software in to the latest security mitigation techniques.

April 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Tuesday, April 16, 2013

Today we’re publishing the April 2013 Security Bulletin Webcast Questions & Answers page. We fielded nine questions during the webcast, with almost half of those focused on the Remote Desktop Client bulletin (MS13-024). One question that was not answered on air has been included on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, May 15, 2013, at 11 a.

KB2839011 Released to Address Security Bulletin Update Issue

Thursday, April 11, 2013

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.