swiat | Microsoft Security Response Center

Assessing risk for the June 2012 security updates

Tuesday, June 12, 2012

Today we released seven security bulletins. Three have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS12-037(Internet Explorer) Victim browses to a malicious webpage.

Flame malware collision attack explained

Wednesday, June 06, 2012

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Malware
PKI

Microsoft certification authority signing certificates added to the Untrusted Certificate Store

Sunday, June 03, 2012

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.

Malware
PKI

Introducing EMET v3

Tuesday, May 15, 2012

We are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0. EMET it is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security mitigation technologies.

MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface

Tuesday, May 08, 2012

There are several interesting “stories” to tell about security update MS12-034: Addressing the Duqu vulnerability again? Why so many affected products? Keyboard layout behavior introduced with Windows Vista conditionally applied down-level Addressing the Duqu vulnerability again? Five months ago, we released security update MS11-087 to address CVE-2011-3402, a vulnerability that was being exploited by the Duqu malware to execute arbitrary code when a user opened a malicious Office document.

Assessing risk for the April 2012 security updates

Tuesday, April 10, 2012

Today we released 6 security bulletins. Four have a maximum severity rating of Critical with the other two addressing Important class vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Rating Likely first 30 days impact Platform mitigations and key notes MS12-027(Windows Common Controls) Attackers have leveraged this vulnerability in limited, targeted attacks by emailing malicious RTF file to victims.

MS12-025 and XBAP: No longer a driveby threat

Tuesday, April 10, 2012

One of the security bulletins released today, MS12-025, addresses a code execution vulnerability in the .NET Framework. To exploit the vulnerability, an attacker would build a malicious XBAP application and lure victims to a malicious website serving the XBAP. The good news is that a zero-click “driveby” style attack is no longer possible from the Internet on workstations where MS11-044 (published June 2011) has been installed.

MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents

Tuesday, April 10, 2012

Security Update MS12-027 addresses a code execution vulnerability in MSCOMCTL.OCX, the Windows Common Controls ActiveX control. By default, this component is included with all 32-bit versions of Microsoft Office. We’d like to cover the following topics in this blog post: Limited, targeted attacks leveraging this vulnerability Mitigations in recent versions of Office to reduce the risk Extra protections to block all or specific ActiveX controls in Office documents The new Office 2010 kill bit feature Limited, targeted attacks leveraging this vulnerability

CVE-2012-0002: A closer look at MS12-020's critical issue

Tuesday, March 13, 2012

Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a Critical, remote code execution vulnerability affecting all versions of Windows. This blog post shares additional information with the following goals: To strongly encourage you to make a special priority of applying this particular update; To give you an option to harden your environment until the update can be applied.

Assessing risk for the February 2012 security updates

Tuesday, February 14, 2012

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS12-010(Internet Explorer) Victim browses to a malicious website.