mitigation

Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as...

Revision Note: V1.0 (December 28, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks...

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions...

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a...

Describes the Enhanced Mitigation Experience Toolkit. A link is provided to download the toolkit. Link Removed

Plug and Prey: Malicious USB Devices

Dillon Beresford and Brian Meixell were planning to perform a demonstration of how to attack critical infrastructure at the TakeDown Conference but cancelled after they were "asked very nicely" to refrain from providing that information. Beresford, a security analyst at NSS Labs, told Link...

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Link Removed a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of...

Hello - Today we're releasing Link Removed due to 404 Error, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the...

I guess the first question I should ask is do the experts here at this forum think this thing is worthwhile. It looks like this might be the way of hardening my operating system that I have been thinking I'd like to have. It also looks like it could hinder the operation of a computer. I've...

Revision Note: V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks. Summary: Microsoft is investigating new, public reports of targeted attacks attempting...

Revision Note: V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks. Advisory Summary:Microsoft is investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer. The main...

Hi everyone, Today we released Link Removed due to 404 Error to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers...

Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: Link Removed due to 404 Error...

Hi everyone, Yesterday we Link Removed to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any...

Hello, Today we published the Link Removed due to 404 Error. During the webcast, we answered 10 questions concerning the September bulletins, including inquiries about bulletin, Link Removed due to 404 Error, involving the Stuxnet vulnerability. We also were asked about the Enhanced Mitigation...

Revision Note: V1.1 (July 19, 2010): Clarified the vulnerability description and the "Is this a security vulnerability that requires Microsoft to issue a security update?" FAQ entry. Advisory Summary:Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in...

Microsoft announced today of new attacks against IE6 and IE7. An unpatched bug that attackers have been recently exploiting, which injects malicious code the computer. The oldest IE 5.01 and the newest IE 8 respectively, are not vulnerable to such attacks. The best way to defend from these...