FixIt

Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

Today, we released Security Advisory 2934088 to provide guidance to customers concerned about a new vulnerability found in Internet Explorer versions 9 and 10. This vulnerability has been exploited in limited, targeted attacks against Internet Explorer 10 users browsing to www.vfw.org and www.gifas.asso.fr. We will cover the following topics in this blog post: Platforms affected …

Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322 Read More »

CVE-2013-3906: a graphics vulnerability exploited through Word documents

Recently we become aware of a vulnerability of a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Today we are releasing Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack while we are working on the final update. In this blog, …

CVE-2013-3906: a graphics vulnerability exploited through Word documents Read More »

MS13-080 addresses two vulnerabilities under limited, targeted attacks

Today we released MS13-080 which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that haven been actively exploited in limited targeted attacks, which we will discuss in details in this blog entry. CVE-2013-3893: the final patch after Fix it workaround Previously, Microsoft released Security Advisory 2887505 and …

MS13-080 addresses two vulnerabilities under limited, targeted attacks Read More »

Microsoft “Fix it” available for Internet Explorer 6, 7, and 8

This past weekend we have alerted you about a vulnerability present in Internet Explorer 6, 7, and 8 which has already been used in limited targeted attacks. Later versions of Internet Explorer (9 and 10) are not affected by this issue. As always, we recommend upgrading to the latest available. For those who are constrained to older …

Microsoft “Fix it” available for Internet Explorer 6, 7, and 8 Read More »

More information on Security Advisory 2757760’s Fix It

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution …

More information on Security Advisory 2757760’s Fix It Read More »

MSXML – 5 steps to stay protected

Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary. This post is going to focus on the first of the issues described in the above summary – Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Step 1 – Be informed MS12-043 describes the security update that resolves a publicly …

MSXML – 5 steps to stay protected Read More »

MSXML: Fix it before fixing it

Yesterday, Microsoft has released Security Advisory 2719615, associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability exists in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 that …

MSXML: Fix it before fixing it Read More »