Workarounds

Protection strategies for the Security Advisory 2963983 IE 0day

We’ve received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to stay safe. Those options are (in summary): Deploy the Enhanced …

Protection strategies for the Security Advisory 2963983 IE 0day Read More »

ActiveX Control issue being addressed in Update Tuesday

Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be …

ActiveX Control issue being addressed in Update Tuesday Read More »

CVE-2013-3893: Fix it workaround available

Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks.  This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is linked from Security Advisory 2887505 that describes this …

CVE-2013-3893: Fix it workaround available Read More »

Microsoft “Fix it” available to mitigate Internet Explorer 8 vulnerability

Today, we are making available a “Microsoft Fix it” solution to block attacks leveraging the Internet Explorer 8 (IE8) vulnerability described in Security Advisory 2847140. This code-signed, easily downloadable and install-able Fix it package uses the Windows application compatibility toolkit to make a small change at runtime to mshtml.dll every time IE is loaded. Here …

Microsoft “Fix it” available to mitigate Internet Explorer 8 vulnerability Read More »

Fix it for Security Advisory 2794220 now available

We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post.  This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying the Fix it does not require a reboot. While …

Fix it for Security Advisory 2794220 now available Read More »

MS12-083: Addressing a missing certificate revocation check in IP-HTTPS

MS12-083 is being released to address a Security Feature Bypass, a class of vulnerability for which we do not frequently release security updates. This is the third such instance, with MS12-001 and MS12-032 previously having addressed Security Feature bypasses. The security feature being bypassed in the case of MS12-083 is the revocation check in IP-HTTPS. …

MS12-083: Addressing a missing certificate revocation check in IP-HTTPS Read More »

MS12-074: Addressing a vulnerability in WPAD’s PAC file handling

Today we released MS12-074, addressing a Critical class vulnerability in the .NET Framework that could potentially allow remote code execution with no user interaction. This particular CVE, CVE-2012-4776, could allow an attacker on a local network to host a malicious WPAD PAC file containing script code which could be executed on a victim machine without …

MS12-074: Addressing a vulnerability in WPAD’s PAC file handling Read More »

Assessing risk for the October 2012 security updates

Today we released seven security bulletins addressing 20 CVEs (7 Microsoft and 13 Oracle CVE’s). Only one of the bulletins is rated Critical. The other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack …

Assessing risk for the October 2012 security updates Read More »

Additional information about Internet Explorer and Security Advisory 2757760

We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday.   While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step …

Additional information about Internet Explorer and Security Advisory 2757760 Read More »