swiat

Assessing the risk of the June security updates

Tuesday, June 14, 2011

Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS11-050(IE) Victim browses to a malicious webpage.

Read More

• .NET Framework
• Attack Vector
• Exploitability
• IE
• Internet Explorer (IE)
• Rating
• Risk Asessment
• SMB

MS11-044: JIT compiler issue in .NET Framework

Tuesday, June 14, 2011

Today we have released MS11-044 to address CVE-2011-1271, a remote code execution vulnerability in the .NET framework. Here we would like to provide more technical information about this vulnerability and why we believe this issue to be unlikely to be exploited. This root cause of CVE-2011-1271 is that there was a bug in the JIT compiler which would cause it to mistakenly determine that a given object is always null (or non-null) and would omit certain checks.

Read More

• .NET Framework
• Attack Vector

MS11-050: IE9 is better

Tuesday, June 14, 2011

Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes No CVE-2011-1258 Moderate Yes No CVE-2011-1252 Important Yes No CVE-2011-1256 Important Yes No CVE-2011-1255 Critical Yes No CVE-2011-1254 Critical Yes No CVE-2011-1251 Critical Yes No CVE-2011-1250 Critical Yes Yes CVE-2011-1260 Critical Yes Yes CVE-2011-1261 Critical Yes Yes CVE-2011-1262 Critical Yes Yes As shown above, only a minor fraction of vulnerabilities affecting IE8 (and earlier versions of the browser) would still affect IE9.

Read More

• Attack Surface Reduction
• Defense-in-depth
• Internet Explorer (IE)

New version of EMET is now available

Wednesday, May 18, 2011

Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult.

Read More

• Defense-in-depth
• EMET
• Exploitation
• Mitigations
• Security Tools
• Zero-Day Exploit

Assessing the risk of the April security updates

Tuesday, April 12, 2011

Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS11-018(IE) Victim browses to a malicious webpage.

Read More

• Mitigations
• Rating
• Risk Asessment

MS11-018 addresses the IE8 pwn2own vulnerability

Tuesday, April 12, 2011

Today Microsoft released MS11-018 addressing one of the three vulnerabilities that were used to win the Pwn2Own contest last month at CanSecWest 2011. It took three vulnerabilities to successfully compromise IE8 and meet all the requirements of the organizers. The vulnerability we are fixing today, a use-after-free which does not affect IE9, was the primary vulnerability used to gain code execution.

Read More

• CanSecWest
• Internet Explorer (IE)

MS11-019 and MS11-020: April SMB Updates

Tuesday, April 12, 2011

This month we released updates for the SMB client and server components (MS11-019 and MS11-020 respectively). These bulletins address three externally-reported issues, but also include fixes for several issues that Microsoft identified internally. This blog post provides background on these issues and the work done internally at Microsoft to improve SMB security.

Read More

• Network protocol
• SMB

MS11-034: Addressing vulnerabilities in the win32k subsystem

Tuesday, April 12, 2011

Today we released security bulletin MS11-034 to address vulnerabilities in the win32k subsystem. This update addresses externally reported issues as well as several internally found vulnerabilities that were discovered as part of our variant investigation. The bulletin may appear to address an alarmingly large number of issues. However, if you dig into the issues themselves, you’ll find that the 30 vulnerabilities addressed in this update really just share three separate vulnerability root causes: insufficient validation or locking of win32k objects after a user-mode callback.

Read More

• Exploitability
• Rating
• Win32k.sys

Blocking Exploit Attempts of the Recent Flash 0-Day

Thursday, March 17, 2011

We’ve recently become aware of a new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player. This exploit differs from the typical Flash Player attacks we’ve seen where a victim is lured into browsing to a website hosting malicious Flash content. Instead, these attacks involve a malicious Flash .

Read More

• Adobe
• EMET
• Flash Player
• Office 2010
• Protected View

Notes on exploitability of the recent Windows BROWSER protocol issue

Wednesday, February 16, 2011

Earlier this week a PoC exploit for a vulnerability in the BROWSER protocol was released on Full Disclosure. There has been some discussion regarding whether this issue can result in Remote Code Execution (RCE) or is only a Denial of Service (DoS). This blog post provides details on the exploitability based on our internal analysis.

Read More

• Attack Vector
• Exploitability
• Network protocol
• Risk Asessment
• SMB