Skip to main content
MSRC

Attack Surface Reduction

MS14-025: An Update for Group Policy Preferences

Tuesday, May 13, 2014

Today, we released an update to address a vulnerability in Group Policy Preferences (MS14-025). Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts (name of the account, account password, etc) Configure a service or scheduled task (allowed to specify alternate credentials to run as) Mount network drives when a user logs in (allowed to specify alternate credentials to connect with) Group Policy Preferences are distributed just like normal group policy: An XML file containing the settings is written to the SYSVOL share of the domain controllers, and computers periodically query the SYSVOL share (authenticating to it using their computer account) for updates to the group policy.

MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface

Tuesday, May 08, 2012

There are several interesting “stories” to tell about security update MS12-034: Addressing the Duqu vulnerability again? Why so many affected products? Keyboard layout behavior introduced with Windows Vista conditionally applied down-level Addressing the Duqu vulnerability again? Five months ago, we released security update MS11-087 to address CVE-2011-3402, a vulnerability that was being exploited by the Duqu malware to execute arbitrary code when a user opened a malicious Office document.

More information on MS11-087

Tuesday, December 13, 2011

Today, we released MS11-087 addressing an issue in the font parsing subsystem of win32k.sys, CVE-2011-3402. The bulletin received a Critical rating due to a potential browser-based attack vector. We have not seen the browser-based attack vector exploited in the wild. The bulletin includes a workaround to disable this remote code execution attack surface.

More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090)

Tuesday, December 13, 2011

This month we released MS11-090 to address a vulnerability in the Microsoft Time component (CVE-2011-3397), which features the deprecated time behavior that is still supported in IE6. We would like to provide further information about this issue and help explain why a “binary behavior kill bit” is the appropriate course of action.

MS11-053: Vulnerability in the Bluetooth stack could allow remote code execution

Tuesday, July 12, 2011

The single Critical vulnerability in today’s batch of security updates addresses an issue in the Bluetooth stack. Your workstations’ risk to this vulnerability varies, depending on a number of factors. I’d like to use this blog post to outline those risk factors. How can I protect my system? The best way to protect any potentially vulnerable system is to apply the MS11-053 security update.

MS11-056: Vulnerabilities in the Client/Server Runtime Subsystem and Console Host

Tuesday, July 12, 2011

Today we released security update MS11-056 to address vulnerabilities in the Windows Client/Server Runtime Subsystem (CSRSS) and Console Host (conhost.exe). We also closed an internally found elevation of privilege attack vector on Windows 7 and Windows Server 2008 R2, significantly reducing the opportunity for any console issues discovered in the future to result in elevation of privilege on those platforms.

MS11-050: IE9 is better

Tuesday, June 14, 2011

Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes No CVE-2011-1258 Moderate Yes No CVE-2011-1252 Important Yes No CVE-2011-1256 Important Yes No CVE-2011-1255 Critical Yes No CVE-2011-1254 Critical Yes No CVE-2011-1251 Critical Yes No CVE-2011-1250 Critical Yes Yes CVE-2011-1260 Critical Yes Yes CVE-2011-1261 Critical Yes Yes CVE-2011-1262 Critical Yes Yes As shown above, only a minor fraction of vulnerabilities affecting IE8 (and earlier versions of the browser) would still affect IE9.

More information about the MHTML Script Injection vulnerability

Friday, January 28, 2011

Today we released Security Advisory 2501696 to alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the targeted document and reflected script in the security context of the user and target location.

MS09-019 (CVE-2009-1532): The "pwn2own" vulnerability

Tuesday, June 09, 2009

IE8 behavior notes MS09-019 contains the fix for the IE8 vulnerability responsibly disclosed by Nils at the CanSecWest pwn2own competition (CVE-2009-1532). Nils exploited this vulnerability on an IE8 build that did allow .NET assemblies to load in the Internet Zone. The final, released build of IE8 does not allow .Net assemblies to load in the Internet Zone.

New vulnerability in quartz.dll Quicktime parsing

Thursday, May 28, 2009

Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? Why is this a high risk vulnerability?