Skip to main content


EMET 4.0's Certificate Trust Feature

Wednesday, May 08, 2013

Three weeks ago, we released a beta version of EMET 4.0 to get feedback on the new EMET features and to get more real-world testing before the official release. We have been amazed and so grateful for the thousands of downloads and hundreds of emails with feature suggestions, bug reports, questions about the new features, and kind words cheering us on.

Weaknesses in MS-CHAPv2 authentication

Monday, August 20, 2012

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol and is described in RFC2759. A recent presentation by Moxie Marlinspike [1] has revealed a breakthrough which reduces the security of MS-CHAPv2 to a single DES encryption (2^56) regardless of the password length. Today, we published Security Advisory 2743314 with recommendations to mitigate the effects of this issue.

Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates

Sunday, September 04, 2011

Last week, we released Security Advisory 2607712, notifying customers that fraudulent digital certificates had been issued by certificate authority DigiNotar. We’d like to follow up on that notification in this blog post by explaining more about the potential risks and actions you can take to protect yourself from any potential attacks that would leverage those fraudulent certificates.

MS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability

Tuesday, August 10, 2010

This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols assume that data received after a TLS renegotiation is sent by the same client as before the renegotiation. Renegotiation is TLS functionality that allows either peer to change the parameters of the secure session.

MS10-030: Malicious Mail server vulnerability

Tuesday, May 11, 2010

Today we released the fix for CVE-2010-0816 in MS10-030. This vulnerability affects Outlook Express, Windows Mail, and Windows Live Mail. We recommend that you install the update as soon as possible, but realize that some customers may need to prioritize which updates they install first. While the vulnerability is rated critical, many customers may not be affected by it.