MS10-030: Malicious Mail server vulnerability
Today we released the fix for CVE-2010-0816 in MS10-030. This vulnerability affects Outlook Express, Windows Mail, and Windows Live Mail. We recommend that you install the update as soon as possible,...
View ArticleMS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability
This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols...
View ArticleProtecting yourself from attacks that leverage fraudulent DigiNotar digital...
Last week, we released Security Advisory 2607712, notifying customers that fraudulent digital certificates had been issued by certificate authority DigiNotar. We’d like to follow up on that...
View ArticleWeaknesses in MS-CHAPv2 authentication
MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol and is described in RFC2759. A recent presentation by Moxie Marlinspike [1] has revealed a breakthrough which...
View ArticleEMET 4.0’s Certificate Trust Feature
Three weeks ago, we released a beta version of EMET 4.0 to get feedback on the new EMET features and to get more real-world testing before the official release. We have been amazed and so grateful for...
View Article
