mitigation

  1. Strength, flexibility and the March 2012 security bulletins

    Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as...
  2. Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service - Vers

    Revision Note: V1.0 (December 28, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks...
  3. Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue

    Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions...
  4. Microsoft releases Security Advisory 2588513

    Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a...
  5. The Enhanced Mitigation Experience Toolkit

    Describes the Enhanced Mitigation Experience Toolkit. A link is provided to download the toolkit. Link Removed
  6. Windows 7 Plug and Prey: Malicious USB Devices

    Plug and Prey: Malicious USB Devices
  7. Researchers cancel SCADA hack talk

    Dillon Beresford and Brian Meixell were planning to perform a demonstration of how to attack critical infrastructure at the TakeDown Conference but cancelled after they were "asked very nicely" to refrain from providing that information. Beresford, a security analyst at NSS Labs, told Link...
  8. Exploitability Index Improvements Now Offer Additional Guidance

    Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Link Removed a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of...
  9. VIDEO Fukushima still a threat: senior officials

  10. VIDEO US Nuclear Experts Offer Dire Predictions For Japanese Fukushima Nuke Plant

  11. Microsoft Releases Security Advisory 2524375

    Hello - Today we're releasing Link Removed due to 404 Error, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the...
  12. Windows 7 EMET - Enhanced Mitigation Experience Toolkit, How should it be set up?

    I guess the first question I should ask is do the experts here at this forum think this thing is worthwhile. It looks like this might be the way of hardening my operating system that I have been thinking I'd like to have. It also looks like it could hinder the operation of a computer. I've...
  13. Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks. Summary: Microsoft is investigating new, public reports of targeted attacks attempting...
  14. Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks. Advisory Summary:Microsoft is investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer. The main...
  15. Microsoft Releases Security Advisory 2458511

    Hi everyone, Today we released Link Removed due to 404 Error to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers...
  16. August 2010 Security Bulletin Release

    Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: Link Removed due to 404 Error...
  17. Update on the publicly disclosed Win32k.sys EoP Vulnerability

    Hi everyone, Yesterday we Link Removed to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any...
  18. Q&A from the September 2010 Security Release Bulletin Webcast

    Hello, Today we published the Link Removed due to 404 Error. During the webcast, we answered 10 questions concerning the September bulletins, including inquiries about bulletin, Link Removed due to 404 Error, involving the Stuxnet vulnerability. We also were asked about the Enhanced Mitigation...
  19. Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execut

    Revision Note: V1.1 (July 19, 2010): Clarified the vulnerability description and the "Is this a security vulnerability that requires Microsoft to issue a security update?" FAQ entry. Advisory Summary:Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in...
  20. Windows Vista Internet Explorer 6 And 7 Users Beware !

    Microsoft announced today of new attacks against IE6 and IE7. An unpatched bug that attackers have been recently exploiting, which injects malicious code the computer. The oldest IE 5.01 and the newest IE 8 respectively, are not vulnerable to such attacks. The best way to defend from these...