Security Research & Defense

Assessing the risk of the December security updates

Tuesday, December 14, 2010

Today we released seventeen security bulletins. Two have a maximum severity rating of Critical, fourteen have a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS10-090(IE) Victim browses to a malicious webpage.

• Priority
• Risk Asessment

MS10-104: SharePoint 2007 Vulnerability

Tuesday, December 14, 2010

Today we released MS10-104 to address vulnerability CVE-2010-3964 in SharePoint 2007 server with an important severity rating. In this blog, we would like to cover some additional details of this vulnerability. Is my SharePoint server affected by this vulnerability? There are two types of installations for a SharePoint server: standalone and farm.

• Mitigation
• SharePoint

MS10-105: Image Filters Update

Tuesday, December 14, 2010

This month we shipped a security update and bulletin (ms10-105) to address vulnerabilities in the .cgm, .tif, .fpx, and .pct image filters. These filters are shipped with Microsoft Office to extend image rendering for applications. Neither Office 2010 nor Office 2007 use filters to perform rendering by default. Both use GDI+ instead.

• Image Filters
• Office
• Registry

On the effectiveness of DEP and ASLR

Wednesday, December 08, 2010

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASLR [1,2].

• Defense-in-depth
• DEP
• EMET
• Exploitability
• Exploitation
• Mitigations
• Security Science

Updated EMET Version 2.0.0.3 Released

Wednesday, November 17, 2010

It’s recently come to our attention that some Enhanced Mitigation Experience Toolkit (EMET) v2.0 users may have potential issues with the update functionality of specific applications from Adobe and Google. As a result, today we released a new version of EMET that will help ensure these updaters work as expected when EMET is in place for added protection.

• EMET

DEP, EMET protect against attacks on the latest Internet Explorer vulnerability

Wednesday, November 03, 2010

Today we released Security Advisory 2458511notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions 6 and 7 on Windows XP.

• DEP
• EMET
• Exploitability
• Internet Explorer (IE)
• Mitigations
• Workarounds

Assessing the risk of the October security updates

Tuesday, October 12, 2010

Today we released sixteen security bulletins. Four have a maximum severity rating of Critical, ten have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability Likely first 30 days impact Platform mitigations and key notes MS10-071 (IE) Victim browses to a malicious webpage.

• Exploitability
• Mitigations
• Rating
• Risk Asessment

MS10-086: Disk Clustering Vulnerability

Tuesday, October 12, 2010

This morning we released security bulletin MS10-086 to address a vulnerability in Windows failover disk clustering. Exposure to this vulnerability will only occur if Failover Clustering is installed. Failover Clustering is supported on Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Hyper-V, and Windows Server 2008 R2 Storage Server editions.

• Disk Clustering
• Moderate

Note on Bulletin Severity for MS10-081 and MS10-074

Tuesday, October 12, 2010

Today we released MS10-081 (Important severity) and MS10-074 (Moderate severity), each providing an update for a single vulnerability. In this blog post we are going to cover some additional details on the severity of these vulnerabilities that may factor into how you prioritize the deployment of this month’s updates. Neither of the two vulnerabilities covered by MS10-081 and MS10-074 have attack vectors through Microsoft software.

• Rating

Additional Information about the ASP.NET Vulnerability

Monday, September 20, 2010

Over the past couple of days we’ve received some additional questions regarding the ASP.NET vulnerability. In this post we will answer some of the most common ones. Is My ASP.NET Site Affected By This Issue? Yes, all sites that use ASP.NET are affected by this vulnerability. You should follow the recommendations outlined in the advisory.