Skip to main content
MSRC

Spoofing

MS13-098: Update to enhance the security of Authenticode

Tuesday, December 10, 2013

Today we released MS13-098, a security update that strengthens the Authenticode code-signing technology against attempts to modify a signed binary without invalidating the signature. This update addresses a specific instance of malicious binary modification that could allow a modified binary to pass the Authenticode signature check. More importantly, it also introduces further hardening to consider a binary “unsigned” if any modification has been made in a certain portion of the binary.

Read More

An update on the DLL-preloading remote attack vector

Tuesday, August 31, 2010

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. Today we wanted to provide an update by answering several questions we have received from customers and addressing common misperceptions about the risk posed by this class of vulnerability.

Read More

Assessing the risk of the schannel.dll vulnerability (MS09-007)

Tuesday, March 10, 2009

MS09-007 resolves an issue in which an attacker may be able to log onto an SSL protected server which is configured to use certificate based client authentication with only the public key component of a certificate, not the associated private key. Only a subset of customers who log into SSL protected servers are at risk but it is a little tricky to explain who might be affected due to the unique nature of this vulnerability.

Read More

MS08-037 : More entropy for the DNS resolver

Tuesday, July 08, 2008

We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy. You can read more about the MS08-020 algorithm change in this blog entry. Increasing the entropy makes it more difficult for attackers to spoof DNS replies. Today, we released MS08-037 to further increase the difficulty of spoofing DNS transactions.

Read More

MS08-020 : How predictable is the DNS transaction ID?

Wednesday, April 09, 2008

Today we released MS08-020 to address a weakness in the Transaction ID (TXID) generation algorithm in the DNS client resolver. The TXID is a 16-bit entity that is primarily used as a synchronization mechanism between DNS servers/clients; in fact, you can think of it as an Initial Sequence Number (ISN) for DNS query/response exchanges.

Read More