Risk Asessment

Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates

Sunday, September 04, 2011

Last week, we released Security Advisory 2607712, notifying customers that fraudulent digital certificates had been issued by certificate authority DigiNotar. We’d like to follow up on that notification in this blog post by explaining more about the potential risks and actions you can take to protect yourself from any potential attacks that would leverage those fraudulent certificates.

Read More

• Attack Vector
• Man-in-the-Middle
• Mitigations
• Risk Asessment
• Workarounds

Assessing the risk of the August security updates

Tuesday, August 09, 2011

Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-057 (IE) Victim browses to a malicious webpage.

Read More

• Exploitability
• Network protocol
• Rating
• Risk Asessment

Vulnerabilities in DNS Server Could Allow Remote Code Execution

Tuesday, August 09, 2011

Today we released MS11-058 to address two vulnerabilities in the Microsoft DNS Service. One of the two issues, CVE-2011-1966, could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular DNS configuration. We’d like to share more detail in this blog post and help you make a risk decision for your environment.

Read More

• Attack Vector
• DNS
• Mitigations
• Network protocol
• Risk Asessment

MS11-053: Vulnerability in the Bluetooth stack could allow remote code execution

Tuesday, July 12, 2011

The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors. I’d like to use this blog post to outline those risk factors. How can I protect my system? The best way to protect any potentially vulnerable system is to apply the MS11-053 security update.

Read More

• Attack Surface Reduction
• Attack Vector
• Exploitability
• Mitigations
• Network protocol
• Risk Asessment
• Workarounds

WebGL Considered Harmful

Thursday, June 16, 2011

The Khronos Group’s WebGL technology is a cross-platform, low-level 3D graphics API for the web. Recently, Context Information Security published two reports critical of the WebGL technology, WebGL – A New Dimension for Browser Exploitation and WebGL – More WebGL Security Flaws. One of the functions of MSRC Engineering is to analyze various technologies in order to understand how they can potentially affect Microsoft products and customers.

Read More

• Attack Surface Expansion
• Risk Asessment

Assessing the risk of the June security updates

Tuesday, June 14, 2011

Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS11-050(IE) Victim browses to a malicious webpage.

Read More

• .NET Framework
• Attack Vector
• Exploitability
• IE
• Internet Explorer (IE)
• Rating
• Risk Asessment
• SMB

Assessing the risk of the April security updates

Tuesday, April 12, 2011

Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS11-018(IE) Victim browses to a malicious webpage.

Read More

• Mitigations
• Rating
• Risk Asessment

Notes on exploitability of the recent Windows BROWSER protocol issue

Wednesday, February 16, 2011

Earlier this week a PoC exploit for a vulnerability in the BROWSER protocol was released on Full Disclosure. There has been some discussion regarding whether this issue can result in Remote Code Execution (RCE) or is only a Denial of Service (DoS). This blog post provides details on the exploitability based on our internal analysis.

Read More

• Attack Vector
• Exploitability
• Network protocol
• Risk Asessment
• SMB

Assessing the risk of the February security updates

Tuesday, February 08, 2011

Today we released twelve security bulletins. Three have a maximum severity rating of Critical and nine have a maximum severity rating of Important. This release addresses three publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-003(IE) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Exploitability
• Mitigations
• Rating
• Risk Asessment
• Workarounds

Assessing the risk of public issues currently being tracked by the MSRC

Friday, January 07, 2011

At Microsoft, as at most large software vendors, we are likely to have publicly known issues under investigation at any given time. This is what we do on the Security Research & Defense team. Recently we’ve seen confusion from folks trying to make sense of some of the current public issues.

Read More

• Exploitation
• IE
• Killbit
• Mitigations
• Risk Asessment
• Workarounds