You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
active attacks
About this tag
The active attacks tag on WindowsForum.com covers discussions about real-world exploits targeting Microsoft products and services. Topics include unauthorized digital certificates used for spoofing and phishing, as well as vulnerabilities in ASP.NET that could lead to information disclosure. The content references security advisories from Microsoft, workarounds using tools like URLScan and IIS Request Filtering, and details about affected Windows versions. These threads focus on understanding the nature of active attacks, implementing mitigations, and staying informed about emerging threats. The tag is relevant for IT professionals and security-conscious users seeking to protect Windows environments from ongoing exploitation.
Severity Rating:
Revision Note: V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.
Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived...
access denied
activeattacks
browser security
certificate
cybersecurity
digital certificates
extended security updates
internet explorer
man-in-the-middle
microsoft
phishing
revision note
security
security advisory
spoofing
vulnerability
web security
windows phone
Hi everyone -
We've updated Microsoft Security AdvisoryLink Removed due to 404 Error to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services...
activeattacks
advisory
block requests
email alerts
iis
microsoft
monitoring
msrc blog
network security
request filtering
scott guthrie
security
server 2008
trustworthy computing
update
urlscan
vulnerability
windows 7
windows vista
workaround
Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should...
activeattacks
advisory
asp.net
customerrors
encryption
errorpage
faq
information
information disclosure
microsoft
request filtering
security
security breach
server issues
tampering
urlscan
viewstate
vulnerability
web.config
workaround
Revision Note: V1.1 (September 20, 2010): Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround. Advisory Summary:Microsoft is...