swiat

MS12-054: Not all remote, pre-auth vulnerabilities are equally appetizing for worms..

Tuesday, August 14, 2012

We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The most severe of these issues, CVE-2012-1851, is a format string vulnerability in the printer spooler service while handling a response message and is a wormable-class vulnerability on Windows XP and Windows Server 2003.

Read More

• Attack Vector
• Network
• Network protocol
• Rating
• Risk Asessment

MS12-060: Addressing a vulnerability in MSCOMCTL.OCX's TabStrip control

Tuesday, August 14, 2012

Today we released MS12-060, addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority updates for this month for two reasons: we are aware of very limited, targeted attacks taking advantage of CVE-2012-1856 and we expect to see new attacks taking advantage of this vulnerability in days ahead.

Read More

• Attack
• Classid
• Clsid
• Defense-in-depth
• EMET
• Mitigations

Announcing the availability of ModSecurity extension for IIS

Thursday, July 26, 2012

Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure, are important areas of focus for the Microsoft Security Response Center (MSRC). Over the last few years Microsoft has developed a number of tools capable of mitigating selected web specific vulnerabilities (for example, UrlScan). To help on this front we have participated in a community effort to bring the popular open source module ModSecurity to the IIS platform.

Read More

• IIS
• ModSecurity
• Workarounds

Technical Analysis of the Top BlueHat Prize Submissions

Thursday, July 26, 2012

Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important security problems!

Read More

• Exploitation
• Mitigations
• Security Science

EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize

Tuesday, July 24, 2012

Last year at Black Hat Las Vegas, we announced the BlueHat Prize contest – a large cash prize awarded for defensive security research. One month ago, we announced the names of three finalists. On Thursday night shortly after 10 PM, at the Microsoft Researcher Appreciation Party, we will unveil which finalist won which prize – the grand prize of $200,000 USD, the second prize of $50,000 USD, and the third prize of an MSDN subscription, valued at $10,000 USD.

Read More

• EMET
• Mitigations
• ROP

More information on Security Advisory 2737111

Tuesday, July 24, 2012

Today we released Security Advisory 2737111 to describe the way in which vulnerabilities in Oracle’s Outside In technology impact the document preview functionality of Microsoft Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint. In this blog, we would like to discuss the following: What is the Oracle Outside In technology?

Read More

• Mitigations
• Risk Asessment
• SharePoint
• Workarounds

Assessing risk for the July 2012 security updates

Tuesday, July 10, 2012

Today we released nine security bulletins addressing 16 CVE’s. Three of the bulletins have a maximum severity rating of Critical and the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS12-043(MSXML) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Risk Asessment

Microsoft's continuing work on digital certificates

Tuesday, July 10, 2012

Over the past several months, Microsoft has made changes both to our own internal PKI practices and to the Windows Update channel (client-side and server-side) PKI handling. You’ve likely already read about those changes on the MSRC blog, the Microsoft Update blog, and in the associated KB articles (949104, 2720211).

Read More

• Defense-in-depth
• PKI

MSXML - 5 steps to stay protected

Tuesday, July 10, 2012

Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary. This post is going to focus on the first of the issues described in the above summary - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Step 1 – Be informed MS12-043 describes the security update that resolves a publicly disclosed vulnerability in Microsoft XML Core Services.

Read More

• EMET
• FixIt
• MS12-043
• MSXML
• MSXML5

MSXML: Fix it before fixing it

Wednesday, June 13, 2012

Yesterday, Microsoft has released Security Advisory 2719615, associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability exists in Microsoft XML Core Services 3.0, 4.

Read More

• EMET
• FixIt
• MSXML