network protocol

Extended Protection for Authentication

This month, Microsoft is releasing several non-security updates that implement Extended Protection for Authentication as a mechanism to help safeguard authentication credentials on the Windows platform. These new updates are not security bulletins, but non-security updates that allow web clients using the Windows HTTP Services, IIS web servers and applications based on the HTTP Protocol …


MS09-050: Exploit timeline for the SMB2 RCE vulnerability

This month we are releasing update MS09-050 to address the SMBv2 RCE vulnerability (CVE-2009-3103). Due to the fact that public exploit code exists for this vulnerability, we felt it would be good to summarize the exploit landscape at the time of release, so customers can use this information to prioritize the deployment of the update. …


MS09-048: TCP/IP vulnerabilities

This month we released MS09-048 which addresses three vulnerabilities in the Windows TCP/IP stack. One of the vulnerabilities, CVE-2009-1925, is rated Critical due to the risk of Remote Code Execution (RCE). The other two vulnerabilities are Denial of Service (DoS) issues (due to memory exhaustion) without the risk of RCE. The Exploit Index rating for …


New vulnerability in IIS5 and IIS6

This afternoon, the MSRC posted a security advisory describing a newly-disclosed vulnerability in the IIS FTP service that could potentially grant remote code execution to untrusted users. You can find the advisory here. Vulnerability summary: The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name. To be vulnerable, …


MS09-019 (CVE-2009-1140): Benefits of IE Protected Mode, additional Network Protocol Lockdown workaround

Benefits of IE Protected Mode: One of the vulnerabilities addressed in MS09-019, CVE-2009-1140, involves navigating to a local file via a UNC path, ex: \\127.0.0.1\c$. This roundabout way of navigating to a file is necessary to execute local content such that it runs in the Internet Explorer Internet zone, where scripting is enabled. As it …


MS09-026: How a developer can know if their RPC interface is affected

Today we are releasing MS09-026 which fixes a vulnerability in the Microsoft Windows RPC (Remote Procedure Call) NDR20 marshalling engine. This component is responsible for preparing data to be sent over the network and then translating it back to what the server or client application uses. NDR20 is specific to 32-bit applications that use RPC …


MS09-013 and MS09-014: NTLM Credential Reflection Updates for HTTP clients

This month we are taking another step towards blocking NTLM reflection attacks by releasing MS09-014 for Internet Explorer and MS09-013 for Windows. This is the third update related to NTLM credential reflection we have released, and I thought it would be good to go into a bit more detail on why this update was needed, …


MS08-068: SMB credential reflection defense

Today Microsoft released a security update, MS08-068, which addresses an NTLM reflection vulnerability in the SMB protocol. The vulnerability is rated Important on most operating systems, except Vista and Windows Server 2008 where it has a rating of Moderate. This blog post is intended to explain why the issue is less severe on Vista and …


MS08-037 : More entropy for the DNS resolver

We released security bulletin MS08-020 two months ago to improve the DNS transaction ID entropy.  You can read more about the MS08-020 algorithm change in this blog entry.  Increasing the entropy makes it more difficult for attackers to spoof DNS replies.  Today, we released MS08-037 to further increase the difficulty of spoofing DNS transactions.  We …
