attacks

Revision Note: V1.0 (June 3, 2012): Advisory published. Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...

Mac Users Now Also Susceptible to Targeted Attacks | Malware Blog | Trend Micro

Revision Note: V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary. Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address a reoffer issue on Windows XP and Windows Server 2003. Also, revised the mitigating factors...

Revision Note: V1.0 (December 8, 2009): Advisory published. Summary: This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect...

Revision Note: V1.0 (August 10, 2010): Advisory published. Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that...

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Advisory Summary:Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

America's Cybercrime Risk - A Look at Articles on Information Management and National Security

LulzSec has launched a new hacking campaign dubbed Operation Anti-Security and calls on everyone, supporters and enemies alike, to attack Web sites belonging to any government agency or government-friendly organization This sounds very serious. Banks and large corporations seem to be their...

Revision Note: V2.0 (April 19, 2011): Added Windows Mobile 6.x, Windows Phone 7, Microsoft Kin, and Zune devices to affected software and devices.Summary: Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root...

Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called "Coordinated Vulnerability Disclosure" (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way...

Revision Note: V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks. Advisory Summary:Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-026 to address this issue. For more information about...

Just a line to see if anyone has encounterd ,that internet nasty vista 2011 malware remover,that is a trojan,that attaches itself to windows secdurity center, or pretends to be windows security center, and begins to warn through various false scans and notices, of attacks and spyware ,and all...

Revision Note: V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround.Summary: Microsoft is investigating new, public reports of limited attacks attempting to exploit a vulnerability in all...

Revision Note: V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks. Advisory Summary:Microsoft is investigating new, public reports of targeted attacks...

BH Landscape Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we've been sponsoring the show for the last eight years-the last five as a platinum sponsor. Some might ask why...

Overview Today we released MicrosoftLink Removed due to 404 Error. This is different from other Microsoft Security Advisories because it's not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a...

Hi everyone - We've just updated Link Removed due to 404 Error as we've begun to see limited attacks with the ASP.NET vulnerability. We have added questions and answers and encourage customers to review this information and evaluate it for their environment. We have also added additional...

Revision Note: V1.0 (August 10, 2010): Advisory published.Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help...

Revision Note: V1.0 (August 10, 2010): Advisory published.Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help...