Workarounds

Regarding MS11-004, Addressing an IIS FTP Services Vulnerability

Today we released MS11-004 to address a vulnerability in the Microsoft FTP service, an optional component of Internet Information Services (IIS). In this blog, we would like to cover some additional technical details of this vulnerability. First, we want to clarify that the vulnerability lies in the FTP service component of IIS. The FTP service …

More information about the MHTML Script Injection vulnerability

Today we released Security Advisory 2501696 to alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the targeted document and reflected script in the security context of the user and target location. The end …

New workaround included in Security Advisory 2488013

We have just updated Security Advisory 2488013 for the publicly-disclosed Internet Explorer CSS vulnerability. It now reflects the fact that limited attacks attempting to exploit this vulnerability are present in-the-wild. The advisory also includes a new workaround that can help protect your computers until a security update is available. This workaround is different from the …

Assessing the risk of public issues currently being tracked by the MSRC

At Microsoft, as at most large software vendors, we are likely to have publicly known issues under investigation at any given time. This is what we do on the Security Research & Defense team. Recently we’ve seen confusion from folks trying to make sense of some of the current public issues. To help clear that …

New Internet Explorer vulnerability affecting all versions of IE

Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.

Proof-of-concept exploit bypasses ASLR and DEP

The Metasploit project recently published an exploit for this vulnerability …

DEP, EMET protect against attacks on the latest Internet Explorer vulnerability

Today we released Security Advisory 2458511 notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected, while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions 6 and 7 on Windows XP. Attacks would …

Security Advisory 2416728 – Workaround Update

Hi everyone – We’ve updated Microsoft Security Advisory 2416728 to include a step in the workaround requiring the blocking of requests that specify the application error path on the query string. This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively block requests based on rules defined by the administrator. …
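
The URLScan rule that this workaround step describes, as an added example that is not part of the original post or of the advisory's own text. The excerpt does not name the query-string parameter; the one used below, `aspxerrorpath`, is the parameter ASP.NET's customErrors redirect appends to the error-page URL, and the `[DenyQueryStringSequences]` section is the URLScan 3.x mechanism for rejecting requests whose query string contains a given substring. Everything else in the fragment (the logging option, the comments) is my rendering of the step, not the advisory's wording.

```ini
; UrlScan.ini fragment (URLScan 3.x). Added example; not text from the advisory.
; Rejects any request whose query string contains "aspxerrorpath=", the
; parameter ASP.NET appends when customErrors redirects to the error page.
; Merge these entries into the matching sections of the existing UrlScan.ini;
; do not replace the whole file.

[Options]
; Keep logging on so rejected requests show up in the URLScan log and the
; rule can be confirmed to fire before the site depends on it.
EnableLogging=1

[DenyQueryStringSequences]
; Any request with this substring anywhere in its query string is rejected.
aspxerrorpath=
```

After the change, send a request such as `/anything.aspx?aspxerrorpath=/x` and check that it is rejected and logged. Note that the rule blocks the parameter in every request, including the legitimate custom-error redirects ASP.NET itself generates, so applications that relied on that redirect will see their error pages behave differently while the workaround is in place.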

Security Advisory 2416728 Released

Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has …

An update on the DLL-preloading remote attack vector

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLLs) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. Today we wanted to provide an …

More information about the DLL Preloading remote attack vector

Today we released Security Advisory 2269637 notifying customers of a remote attack vector to a class of vulnerabilities affecting applications that load DLLs in an insecure manner. The root cause of this issue has been understood by developers for some time. However, last week researchers published a remote attack vector for these issues, whereas in …
