Skip to main content
MSRC

FixIt

Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

Wednesday, February 19, 2014

Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso.fr. We will cover the following topics in this blog post:

CVE-2013-3906: a graphics vulnerability exploited through Word documents

Tuesday, November 05, 2013

Recently we become aware of a vulnerability of a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we are working on the final update.

MS13-080 addresses two vulnerabilities under limited, targeted attacks

Tuesday, October 08, 2013

Today we released MS13-080 which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that haven been actively exploited in limited targeted attacks, which we will discuss in details in this blog entry. CVE-2013-3893: the final patch after Fix it workaround Previously, Microsoft released Security Advisory 2887505 and made available the Fix it workaround 51001 to provide earlier protection to all customers for an actively exploited security issue that was reported to us.

Java: A Fix it for when you cannot let go

Wednesday, May 29, 2013

There is much to say about the use of Java in both consumer and enterprise environments. Like any other platforms, it has both devoted supporters and fervent critics. But for most, Java is a requirement, a means to an end. In the past few years, Java as a platform has been the target of numerous malware attacks, which exploit a number of Java runtime vulnerabilities on the target machines.

Microsoft "Fix it" available for Internet Explorer 6, 7, and 8

Monday, December 31, 2012

This past weekend we have alerted you about a vulnerability present in Internet Explorer 6, 7, and 8 which has already been used in limited targeted attacks. Later versions of Internet Explorer (9 and 10) are not affected by this issue. As always, we recommend upgrading to the latest available. For those who are constrained to older versions, today we are providing a Microsoft “Fix it” solution designed to reduce the attack surface of this vulnerability.

More information on Security Advisory 2757760's Fix It

Wednesday, September 19, 2012

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution addresses the issue.

MSXML - 5 steps to stay protected

Tuesday, July 10, 2012

Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary. This post is going to focus on the first of the issues described in the above summary - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Step 1 – Be informed MS12-043 describes the security update that resolves a publicly disclosed vulnerability in Microsoft XML Core Services.

MSXML: Fix it before fixing it

Wednesday, June 13, 2012

Yesterday, Microsoft has released Security Advisory 2719615, associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability exists in Microsoft XML Core Services 3.0, 4.