Mitigations

Assessing the risk of the October security updates

Tuesday, October 12, 2010

Today we released sixteen security bulletins. Four have a maximum severity rating of Critical, ten have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability Likely first 30 days impact Platform mitigations and key notes MS10-071 (IE) Victim browses to a malicious webpage.

Read More

• Exploitability
• Mitigations
• Rating
• Risk Asessment

Security Advisory 2416728 Released

Friday, September 17, 2010

Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has written a blog post to explain how the workarounds work and have provided a script to help administrators determine if they have ASP.

Read More

• Advisory
• Microsoft Active Protections Program (MAPP)
• Mitigations
• Security Advisory
• Workarounds

Assessing the risk of the September security updates

Tuesday, September 14, 2010

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Read More

• Attack Vector
• Exploitability
• Mitigations
• Rating
• Risk Asessment

MS10-061: Printer Spooler Vulnerability

Tuesday, September 14, 2010

This morning we released security bulletin MS10-061 to address an issue in the Windows print spooler. In this blog post, we’d like to provide additional detail about the specific configurations of Windows that are vulnerable to this issue and more background on its connection to the Stuxnet malware. Vulnerable configurations

Read More

• Attack Vector
• Mitigations
• Network
• Network protocol
• Risk Asessment

MS10-065: Exploitability of the IIS FastCGI request header vulnerability

Tuesday, September 14, 2010

This month, Microsoft released an update for IIS that addresses three vulnerabilities. The blog post focuses on one of these: the Request Header Buffer Overflow Vulnerability (CVE-2010-2730), which affects IIS version 7.5 and has a maximum security impact of Remote Code Execution (RCE). Below we provide more details on the vulnerability and the potential for reliable remote code execution, to assist with assessing risk and prioritizing deployment of the update.

Read More

• Exploitability
• IIS
• Mitigations
• Network protocol
• Risk Asessment

Announcing BlueHat v10: A Security Odyssey

Friday, September 10, 2010

BlueHat v10 is on the horizon and I’m happy to be able to announce the lineup. This year we’ll be hosting our annual conference on October 13-15 at the Microsoft campus here in Redmond and, with the success of last year’s con, we’re working overtime to make it the most robust, top-notch BlueHat yet.

Read More

• BlueHat Security Briefings
• Community-based Defense
• EcoStrat
• Hallway Tracks
• Mitigations
• MSRC
• MSRC Ecosystem Strategy
• Risk Assessment
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

Friday, September 10, 2010

Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP). Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation.

Read More

• 0-day
• Adobe
• EMET
• Mitigations

The Enhanced Mitigation Experience Toolkit 2.0 is Now Available

Thursday, September 02, 2010

Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications.

Read More

• EMET
• Enhanced Mitigation Evaluation Toolkit
• Enhanced Mitigation Experience Toolkit
• Mitigations
• Security Science
• Security Tools
• Tools

An update on the DLL-preloading remote attack vector

Tuesday, August 31, 2010

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. Today we wanted to provide an update by answering several questions we have received from customers and addressing common misperceptions about the risk posed by this class of vulnerability.

Read More

• Attack Vector
• Mitigations
• Risk Asessment
• Spoofing
• Workarounds

More information about the DLL Preloading remote attack vector

Monday, August 23, 2010

Today we released Security Advisory 2269637 notifying customers of a remote attack vector to a class of vulnerabilities affecting applications that load DLL’s in an insecure manner. The root cause of this issue has been understood by developers for some time. However, last week researchers published a remote attack vector for these issues, whereas in the past, these issues were generally considered to be local and relatively low impact.

Read More

• Mitigations
• Risk Asessment
• Workarounds