Security Research & Defense | Microsoft Security Response Center

MS11-056: Vulnerabilities in the Client/Server Runtime Subsystem and Console Host

Tuesday, July 12, 2011

Today we released security update MS11-056 to address vulnerabilities in the Windows Client/Server Runtime Subsystem (CSRSS) and Console Host (conhost.exe). We also closed an internally found elevation of privilege attack vector on Windows 7 and Windows Server 2008 R2, significantly reducing the opportunity for any console issues discovered in the future to result in elevation of privilege on those platforms.

Attack Surface Reduction

WebGL Considered Harmful

Thursday, June 16, 2011

The Khronos Group’s WebGL technology is a cross-platform, low-level 3D graphics API for the web. Recently, Context Information Security published two reports critical of the WebGL technology, WebGL – A New Dimension for Browser Exploitation and WebGL – More WebGL Security Flaws. One of the functions of MSRC Engineering is to analyze various technologies in order to understand how they can potentially affect Microsoft products and customers.

Assessing the risk of the June security updates

Tuesday, June 14, 2011

Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS11-050(IE) Victim browses to a malicious webpage.

MS11-044: JIT compiler issue in .NET Framework

Tuesday, June 14, 2011

Today we have released MS11-044 to address CVE-2011-1271, a remote code execution vulnerability in the .NET framework. Here we would like to provide more technical information about this vulnerability and why we believe this issue to be unlikely to be exploited. This root cause of CVE-2011-1271 is that there was a bug in the JIT compiler which would cause it to mistakenly determine that a given object is always null (or non-null) and would omit certain checks.

MS11-050: IE9 is better

Tuesday, June 14, 2011

Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes No CVE-2011-1258 Moderate Yes No CVE-2011-1252 Important Yes No CVE-2011-1256 Important Yes No CVE-2011-1255 Critical Yes No CVE-2011-1254 Critical Yes No CVE-2011-1251 Critical Yes No CVE-2011-1250 Critical Yes Yes CVE-2011-1260 Critical Yes Yes CVE-2011-1261 Critical Yes Yes CVE-2011-1262 Critical Yes Yes As shown above, only a minor fraction of vulnerabilities affecting IE8 (and earlier versions of the browser) would still affect IE9.

New version of EMET is now available

Wednesday, May 18, 2011

Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult.

Assessing the risk of the April security updates

Tuesday, April 12, 2011

Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS11-018(IE) Victim browses to a malicious webpage.

MS11-018 addresses the IE8 pwn2own vulnerability

Tuesday, April 12, 2011

Today Microsoft released MS11-018 addressing one of the three vulnerabilities that were used to win the Pwn2Own contest last month at CanSecWest 2011. It took three vulnerabilities to successfully compromise IE8 and meet all the requirements of the organizers. The vulnerability we are fixing today, a use-after-free which does not affect IE9, was the primary vulnerability used to gain code execution.

MS11-019 and MS11-020: April SMB Updates

Tuesday, April 12, 2011

This month we released updates for the SMB client and server components (MS11-019 and MS11-020 respectively). These bulletins address three externally-reported issues, but also include fixes for several issues that Microsoft identified internally. This blog post provides background on these issues and the work done internally at Microsoft to improve SMB security.

MS11-034: Addressing vulnerabilities in the win32k subsystem

Tuesday, April 12, 2011

Today we released security bulletin MS11-034 to address vulnerabilities in the win32k subsystem. This update addresses externally reported issues as well as several internally found vulnerabilities that were discovered as part of our variant investigation. The bulletin may appear to address an alarmingly large number of issues. However, if you dig into the issues themselves, you’ll find that the 30 vulnerabilities addressed in this update really just share three separate vulnerability root causes: insufficient validation or locking of win32k objects after a user-mode callback.