Microsoft "Fix it" available for Internet Explorer 6, 7, and 8

This past weekend we alerted you about a vulnerability present in Internet Explorer 6, 7, and 8 which has already been used in limited targeted attacks. Later versions of Internet Explorer (9 and 10) are not affected by this issue. As always, we recommend upgrading to the latest available. For those who are constrained to older…

New vulnerability affecting Internet Explorer 8 users

Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe. More information about the vulnerability and exploit: In this particular vulnerability, IE attempts to reference and use an object that had previously been…

Assessing risk for the December 2012 security updates

Today we released seven security bulletins addressing 12 CVEs. Five of the bulletins have a maximum severity rating of Critical, and two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity…

MS12-083: Addressing a missing certificate revocation check in IP-HTTPS

MS12-083 is being released to address a Security Feature Bypass, a class of vulnerability for which we do not frequently release security updates. This is the third such instance, with MS12-001 and MS12-032 previously having addressed Security Feature Bypasses. The security feature being bypassed in the case of MS12-083 is the revocation check in IP-HTTPS….

MS12-074: Addressing a vulnerability in WPAD’s PAC file handling

Today we released MS12-074, addressing a Critical class vulnerability in the .NET Framework that could potentially allow remote code execution with no user interaction. This particular CVE, CVE-2012-4776, could allow an attacker on a local network to host a malicious WPAD PAC file containing script code which could be executed on a victim machine without…

Assessing risk for the November 2012 security updates

Today we released six security bulletins addressing 19 CVEs. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment….

Assessing risk for the October 2012 security updates

Today we released seven security bulletins addressing 20 CVEs (7 Microsoft and 13 Oracle CVEs). Only one of the bulletins is rated Critical. The other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack…

Security Advisory 2749655 and timestamping

Today we released Security Advisory 2749655 to alert customers to a clerical error made in code-signing a number of recently released security updates. This error will cause the digital signature to expire and become invalid prematurely – not a security flaw, but an issue that will impair users’ overall security profile. In this blog post,…

More information on Security Advisory 2757760’s Fix It

Today, we revised Security Advisory 2757760 with two new pieces of information: (1) a Fix It solution is available to address the vulnerability via an app-compat shim; (2) the comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution…

Weaknesses in MS-CHAPv2 authentication

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol and is described in RFC 2759. A recent presentation by Moxie Marlinspike [1] has revealed a breakthrough which reduces the security of MS-CHAPv2 to a single DES encryption (2^56) regardless of the password length. Today, we published Security Advisory 2743314 with recommendations to mitigate the effects of…
