IE 8 XSS Filter Architecture / Implementation

Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.”…

4

Welcome to the new Microsoft Security Vulnerability Research and Defense blog!

We are excited to have this outlet to share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities. You can read much more about the goals of the blog and about the SWI teams contributing to the blog in our “About” link: http://blogs.technet.com/swi/about.aspx …

3

MS07-063 – The case of the insecure signature

MS07-063 addresses a weakness in the SMBv2 message signing algorithm. SMB signing is a feature enabled by default on domain controllers to prevent man-in-the-middle attacks. As you can imagine, if an attacker on your local subnet can tamper with the SMB network traffic between your domain controller and domain-joined clients, they can cause all kind…

2

MS07-065 – The case of the significant suffix

MS07-065 fixed a vulnerability in the Message Queueing service. On Windows 2000, a remote anonymous attacker could use this vulnerability to run code as local system on unpatched machines. Windows XP added defense-in-depth hardening to disallow remote access for this service that does not need to be exposed remotely. So on Windows XP, the attacker…

1

MS12-034: Duqu, ten CVE’s, and removing keyboard layout file attack surface

There are several interesting “stories” to tell about security update MS12-034: Addressing the Duqu vulnerability again? Why so many affected products? Keyboard layout behavior introduced with Windows Vista conditionally applied down-level Addressing the Duqu vulnerability again? Five months ago, we released security update MS11-087 to address CVE-2011-3402, a vulnerability that was being exploited by the…

0

Introducing EMET v3

We are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) – EMET 3.0. EMET it is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security mitigation technologies. The result is…

0

Microsoft certification authority signing certificates added to the Untrusted Certificate Store

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to…

0

Flame malware collision attack explained

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would…

0

Assessing risk for the June 2012 security updates

Today we released seven security bulletins. Three have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely…

0

Assessing risk for the July 2012 security updates

Today we released nine security bulletins addressing 16 CVE’s. Three of the bulletins have a maximum severity rating of Critical and the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max…

0