Security Research & Defense

CVE-2012-0002: A closer look at MS12-020's critical issue

Tuesday, March 13, 2012

Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a Critical, remote code execution vulnerability affecting all versions of Windows. This blog post shares additional information with the following goals: To strongly encourage you to make a special priority of applying this particular update; To give you an option to harden your environment until the update can be applied.

• Mitigations
• Network protocol
• Workarounds

Assessing risk for the February 2012 security updates

Tuesday, February 14, 2012

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS12-010(Internet Explorer) Victim browses to a malicious website.

• Attack Vector
• Exploitability
• Mitigations
• Rating
• Risk Asessment

MS12-013: More information about the msvcrt.dll issue

Tuesday, February 14, 2012

Today we are shipping a security update to address a Critical-class memory corruption vulnerability in the Microsoft C Run-Time Library (msvcrt.dll) shipped with Windows. We have issued the bulletin with Critical severity because attackers could potentially trigger the vulnerability by luring a victim into browsing to a malicious webpage that launches Windows Media Player, or by opening a malicious file with Windows Media Player.

MS12-014: Indeo, a blast from the past

Tuesday, February 14, 2012

Today, we shipped security update MS12-014 to address an issue in the Indeo codec. With this blog post, we hope to preemptively answer some common questions that are likely to surface as researchers analyze this security update. Indeo: Blast from the Past Indeo is a video codec that was first developed in 1992, long before some of you reading this blog post were born.

• Attack Vector

Assessing risk for the January 2012 security updates

Tuesday, January 10, 2012

Today we released seven security bulletins. One has a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS12-004(Windows Media) Victim browses to a malicious website or opens a malicious media file.

• Attack Vector
• Exploitability
• Rating
• Risk Asessment

More information on MS12-004

Tuesday, January 10, 2012

This month we released MS12-004 to address CVE-2012-0003 and CVE-2012-0004. CVE-2012-0003 The most severe of these vulnerabilities is CVE-2012-0003 which is a Critical, Remote Code Execution vulnerability. This CVE affects all editions of Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. Windows 7 is not affected by this vulnerability.

• Rating
• Windows Media components
• Workarounds

More information on the impact of MS12-001

Tuesday, January 10, 2012

Today we released MS12-001, which addresses an issue that can enable an attacker to bypass a defense in depth feature known as SafeSEH. This bypass is limited in scope to applications that make use of binaries that were built with Microsoft Visual C++ .NET 2003 RTM. Binaries that have been built with Microsoft Visual C++ .

• Defense-in-depth
• Mitigations

ASP.NET security update is live!

Thursday, December 29, 2011

Today we released MS11-100, addressing a newly disclosed denial-of-service vulnerability affecting several vendors’ Web application platforms, including Microsoft’s ASP.NET. Yesterday, we posted an SRD blog describing the vulnerability and the detection and workaround opportunities. With this blog post, we’d like to update you on the following topics: Why is this bulletin rated “Critical” for a Denial-of-Service vulnerability?

• .NET Framework
• Detection
• Rating
• Security Bulletin

More information about the December 2011 ASP.Net vulnerability

Tuesday, December 27, 2011

Today, we released Security Advisory 2659883 alerting customers to a newly disclosed denial-of-service vulnerability affecting several vendors’ web application platforms, including Microsoft’s ASP.NET. This blog post will cover the following: Impact of the vulnerability How to know if your configuration is vulnerable to denial-of-service How to detect the vulnerability being exploited at network layer How to detect the vulnerability being exploited on the server Background on the workaround to protect your website Impact of the vulnerability

• .NET Framework
• Detection
• Network protocol
• Workarounds

Assessing the risk of the December 2011 security updates

Tuesday, December 13, 2011

Today we released thirteen security bulletins. Three have a maximum severity rating of Critical with the other ten having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-Ability Index Likely first 30 days impact Platform mitigations and key notes MS11-087 (TTF Font parsing) Victim opens a malicious Office document or browses to a malicious website.

• Attack Vector
• Exploitability
• Risk Asessment