MS13-018: Hard to let go

MS13-018 addresses a potential denial-of-service condition in the Windows TCP/IP stack. This vulnerability could be leveraged by an attacker in certain circumstances to exhaust a server’s non paged pool, preventing it from making new TCP connections. The vulnerability is as follows: A Windows victim machine has a TCP/IP connection in an ESTABLISHED state to a…

0

MS12-083: Addressing a missing certificate revocation check in IP-HTTPS

MS12-083 is being released to address a Security Feature Bypass, a class of vulnerability for which we do not frequently release security updates. This is the third such instance, with MS12-001 and MS12-032 previously having addressed Security Feature bypasses. The security feature being bypassed in the case of MS12-083 is the revocation check in IP-HTTPS….

0

MS12-074: Addressing a vulnerability in WPAD’s PAC file handling

Today we released MS12-074, addressing a Critical class vulnerability in the .NET Framework that could potentially allow remote code execution with no user interaction. This particular CVE, CVE-2012-4776, could allow an attacker on a local network to host a malicious WPAD PAC file containing script code which could be executed on a victim machine without…

0

Weaknesses in MS-CHAPv2 authentication

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol and is described in RFC2759.  A recent presentation by Moxie Marlinspike [1] has revealed a breakthrough which reduces the security of MS-CHAPv2 to a single DES encryption (2^56) regardless of the password length.  Today, we published Security Advisory 2743314 with recommendations to mitigate the effects of…

0

MS12-054: Not all remote, pre-auth vulnerabilities are equally appetizing for worms..

We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The most severe of these issues, CVE-2012-1851, is a format string vulnerability in the printer spooler service while handling a response message and is a wormable-class vulnerability on Windows XP…

0

CVE-2012-0002: A closer look at MS12-020's critical issue

Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a Critical, remote code execution vulnerability affecting all versions of Windows. This blog post shares additional information with the following goals: To strongly encourage you to make a special priority of applying this particular…

0

More information about the December 2011 ASP.Net vulnerability

Today, we released Security Advisory 2659883 alerting customers to a newly disclosed denial-of-service vulnerability affecting several vendors’ web application platforms, including Microsoft’s ASP.NET. This blog post will cover the following: Impact of the vulnerability How to know if your configuration is vulnerable to denial-of-service How to detect the vulnerability being exploited at network layer How…

0

Is SSL broken? – More about Security Bulletin MS12-006 (previously known as Security Advisory 2588513)

On January 10th, Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0. Here we would like to give further information about the technique used to exploit this vulnerability and workaround options Microsoft has released if you discover a compatibility issue after installing the update. Is SSL…

0

Assessing the risk of the August security updates

Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max…

0

Vulnerabilities in DNS Server Could Allow Remote Code Execution

Today we released MS11-058 to address two vulnerabilities in the Microsoft DNS Service. One of the two issues, CVE-2011-1966, could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular DNS configuration. We’d like to share more detail…

0