Assessing the risk of the August security updates
Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope...
Is SSL broken? – More about Security Bulletin MS12-006 (previously known as...
On January 10th, Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0. Here we would like to give further information about the technique used...
More information about the December 2011 ASP.Net vulnerability
Today, we released Security Advisory 2659883 alerting customers to a newly disclosed denial-of-service vulnerability affecting several vendors’ web application platforms, including Microsoft’s ASP.NET....
CVE-2012-0002: A closer look at MS12-020’s critical issue
Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a Critical, remote code execution...
MS12-054: Not all remote, pre-auth vulnerabilities are equally appetizing for...
We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The...
Weaknesses in MS-CHAPv2 authentication
MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol and is described in RFC2759. A recent presentation by Moxie Marlinspike [1] has revealed a breakthrough which...
MS12-074: Addressing a vulnerability in WPAD’s PAC file handling
Today we released MS12-074, addressing a Critical class vulnerability in the .NET Framework that could potentially allow remote code execution with no user interaction. This particular CVE,...
MS12-083: Addressing a missing certificate revocation check in IP-HTTPS
MS12-083 is being released to address a Security Feature Bypass, a class of vulnerability for which we do not frequently release security updates. This is the third such instance, with MS12-001 and...
MS13-018: Hard to let go
MS13-018 addresses a potential denial-of-service condition in the Windows TCP/IP stack. This vulnerability could be leveraged by an attacker in certain circumstances to exhaust a server’s non paged...
Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094,...
Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important...