Microsoft Security Response Center Blog

Rustock updates and Advance Notification Service for the July 2011 Security Bulletin Release

Thursday, July 07, 2011

Hello all – This week we released a special Security Intelligence Reportthat showcases some of the data we amassed in the wake of the big Rustock botnet takedown in the spring of 2010. The new SIR also delves into the diplomacy, secrecy and intellectual property law that all played important roles in the successful international effort that led to the takedown of the Rustock botnet on March 16.

• ANS
• Microsoft Office
• Microsoft Windows

Q&A from June 2011 Security Bulletin Webcast

Saturday, June 18, 2011

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page. We fielded fifteen questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer, and we have included those questions and answers on the Q&A page.

WebGL Considered Harmful

Thursday, June 16, 2011

The Khronos Group’s WebGL technology is a cross-platform, low-level 3D graphics API for the web. Recently, Context Information Security published two reports critical of the WebGL technology, WebGL – A New Dimension for Browser Exploitation and WebGL – More WebGL Security Flaws. One of the functions of MSRC Engineering is to analyze various technologies in order to understand how they can potentially affect Microsoft products and customers.

• Attack Surface Expansion
• Risk Asessment

Building a safe internet... together!

Wednesday, June 15, 2011

Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni Hi everyone, Together with my colleagues Jeff Williams and Holly Stewart from the Microsoft Malware Protection Center (MMPC) I am here at the 23rd Annual FIRST conference in Vienna, Austria this week.

Assessing the risk of the June security updates

Tuesday, June 14, 2011

Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS11-050(IE) Victim browses to a malicious webpage.

• .NET Framework
• Attack Vector
• Exploitability
• IE
• Internet Explorer (IE)
• Rating
• Risk Asessment
• SMB

Autorun-Related Malware Declines and the June 2011 Security Bulletin Release

Tuesday, June 14, 2011

Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was expected to make a significant difference to infection rates by malware that uses Autorun to propagate, and we’ve been monitoring those rates ever since.

• Internet Explorer (IE)
• Malicious Software Removal Tool (MSRT)
• Security Bulletin
• Security bulletin release
• Security Update

MS11-044: JIT compiler issue in .NET Framework

Tuesday, June 14, 2011

Today we have released MS11-044 to address CVE-2011-1271, a remote code execution vulnerability in the .NET framework. Here we would like to provide more technical information about this vulnerability and why we believe this issue to be unlikely to be exploited. This root cause of CVE-2011-1271 is that there was a bug in the JIT compiler which would cause it to mistakenly determine that a given object is always null (or non-null) and would omit certain checks.

• .NET Framework
• Attack Vector

MS11-050: IE9 is better

Tuesday, June 14, 2011

Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes No CVE-2011-1258 Moderate Yes No CVE-2011-1252 Important Yes No CVE-2011-1256 Important Yes No CVE-2011-1255 Critical Yes No CVE-2011-1254 Critical Yes No CVE-2011-1251 Critical Yes No CVE-2011-1250 Critical Yes Yes CVE-2011-1260 Critical Yes Yes CVE-2011-1261 Critical Yes Yes CVE-2011-1262 Critical Yes Yes As shown above, only a minor fraction of vulnerabilities affecting IE8 (and earlier versions of the browser) would still affect IE9.

• Attack Surface Reduction
• Defense-in-depth
• Internet Explorer (IE)

June Advance Notification Service and 10 Immutable Laws Revisited

Thursday, June 09, 2011

Before we get into this month’s release, we wanted to alert you to updates to a document that’s been central to much of how Microsoft thinks about security. Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way.

• ANS
• Internet Explorer (IE)
• Monthly bulletin release
• Security
• Security Bulletin

New version of EMET is now available

Wednesday, May 18, 2011

Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge. The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult.

• Defense-in-depth
• EMET
• Exploitation
• Mitigations
• Security Tools
• Zero-Day Exploit