Visual Studio

MS10-041: XML Signature HMAC Truncation Bypass Vulnerability

Today we released MS10-041 addressing an issue in the implementation of the XML signature functionality in the .NET Framework with an Important severity rating.  We’d like to shed more light on that case here.   Am I at risk?   No Microsoft products are subject to this vulnerability.  However, .NET applications that use the System.Security.Cryptography.Xml.SignedXml.CheckSignature(KeyedHashAlgorithm …

MS10-041: XML Signature HMAC Truncation Bypass Vulnerability Read More »

Overview of the out-of-band release

Today we released Security Advisory 973882 and with it, two out-of-band security bulletins. These updates are MS09-034 (an Internet Explorer update) and MS09-035 (a Visual Studio update). At this time for customers who have applied MS09-032 we are not aware of any “in the wild” exploits that leverage the vulnerabilities documented in 973882 and MS09-035. …

Overview of the out-of-band release Read More »

MSVIDCTL (MS09-032) and the ATL vulnerability

Today we have released Security Advisory 973882 that describes vulnerabilities in the Microsoft Active Template Library (ATL), as well as security updates for Internet Explorer (MS09-034) and Visual Studio (MS09-035). The Visual Studio update addresses several vulnerabilities in the public versions of the ATL headers and libraries. The IE update contains two defense in depth …

MSVIDCTL (MS09-032) and the ATL vulnerability Read More »