mitigation

I’m here at the Moscone Center, San Francisco, California, attending the annual Link Removed. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customers...

Original release date: January 17, 2014 | Last revised: February 09, 2014 Systems Affected Certain UDP protocols have been identified as potential attack vectors: DNS NTP SNMPv2 NetBIOS SSDP CharGEN QOTD BitTorrent Kad Quake Network Protocol Steam Protocol Overview A Distributed...

There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...

Original release date: November 05, 2013 | Last revised: November 06, 2013 Systems Affected Microsoft Windows systems running Windows 7, Vista, and XP operating systems Overview US-CERT is aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of...

Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could...

Original release date: July 12, 2013 Systems Affected McAfee ePolicy Orchestrator (ePO) Overview A new exploit tool targets two vulnerabilities in McAfee’s ePolicy Orchestrator (ePO). Description A new exploit tool specifically built to attack McAfee’s ePolicy Orchestrator (ePO) targets...

Original release date: July 12, 2013 Systems Affected McAfee ePolicy Orchestrator (ePO) Overview A new exploit tool targets two vulnerabilities in McAfee’s ePolicy Orchestrator (ePO).  Description A new exploit tool specifically built to attack McAfee’s ePolicy Orchestrator (ePO)...

Original release date: March 29, 2013 Systems Affected Domain Name System (DNS) servers Overview A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to...

Original release date: February 20, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier Web browsers using the Java plug-in are at...

Original release date: February 01, 2013 | Last revised: February 06, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 11 and earlier JDK and JRE 6 Update 38 and earlier JDK and JRE 5.0 Update 38 and earlier SDK and JRE 1.4.2_40 and earlier JavaFX...

Link Removed

Before we discuss this month’s release, I wanted to briefly touch on the big event happening this week. No, I’m not talking about the romantically-themed holiday on Thursday. I’m talking about the start of spring training and the return of baseball. There are a few things I am...

We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday. While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this...

Provides recommendations for organizations that use MS-CHAP v2/PPTP to implement the Protected Extensible Authentication Protocol (PEAP) in their networks. This mitigates known attacks by encapsulating the MS-CHAP v2 authentication traffic in TLS. More...

Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation...

In a little less than 24 hours, we will award $200,000 to Jared DeMott, Ivan Frantic, or Vasilis Pappas as we name the inaugural winner of the BlueHat Prize – and we’ll award more than $50,000 for the two runners-up. As excitement builds towards that announcement, I was fortunate...

One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the Link Removed due to 404 Error, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists - Jared DeMott, Ivan Fratric, or...

Today, as a part of our continuing phased mitigation strategy recently discussed, we have initiated the additional hardening of Windows Update. We’ve also provided more information about the MD5 hash-collision attacks used by the Flame malware in the SRD blog. This information should help...

Hello, At Microsoft, our commitment is to help ensure customer trust in their computing experience. That was the impetus for Trustworthy Computing, and central to that is the priority we place on taking the necessary actions to help protect our customers. Yesterday, we issued Security Advisory...

On March 15, we became aware of public proof-of-concept code that results in denial of service for the issue addressed by MS12-020, which we released Tuesday. We continue to watch the threat landscape and we are not aware of public proof-of-concept code that results in remote code execution...