Microsoft Security Advisory (973811): Extended Protection for Authentication - 3/9/2010
Revision Note: V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917. Advisory Summary:Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Wi...
Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 3/9/2010
Revision Note: V1.0 (March 9, 2010): Advisory published. Advisory Summary:Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about...
Microsoft Security Advisory (981169): Vulnerability in VBScript Could Allow Remote Code Execution - 3/1/2010
Revision Note: V1.0 (March 1, 2010): Advisory published. Advisory Summary:Microsoft is investigating new public reports of a possible vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Serve...
Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure - 2/10/2010
Revision Note: V1.1 (February 10, 2010): Specified the mitigation offered by Protected Mode. Also clarified an FAQ and workaround pertaining to Protected Mode. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations fo...
Microsoft Security Advisory (977377): Vulnerability in TLS/SSL Could Allow Spoofing - 2/9/2010
Revision Note: V1.0 (February 9, 2010): Advisory published. Advisory Summary:Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer(SSL)protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege - 2/9/2010
Revision Note: V2.0 (February 9, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-015 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-015. The vulnerability addre...
Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure - 2/3/2010
Revision Note: V1.0 (February 3, 2010): Advisory published. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege - 1/22/2010
Revision Note: V1.1 (January 22, 2010): Added links to Microsoft Knowledge Base Article 979682 in the Issue References table and Additional Suggestion Actions section. Added a link to Microsoft Knowledge Base Article 979682 to provide an automated Microsoft Fix it solution for the workaround, Disable the NTVDM subsystem. Advisory Summary:Security Advisory
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 1/21/2010
Revision Note: V2.0 (January 21, 2010): Advisory updated to reflect publication of security bulletin Advisory Summary:Microsoft has completed the investigation the public reports of this vulnerability. We have issued MS10-002 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-002. The vulnerability addresse...
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 1/20/2010
Revision Note: V1.2 (January 20, 2010): Revised Executive Summary to reflect the changing nature of attacks attempting to exploit the vulnerability. Clarified information in the Mitigating Factors section for Data Execution Prevention (DEP) and Microsoft Outlook, Outlook Express, and Windows Mail. Clarified several Frequently Asked Questions to provide further details about the vulnerability an...
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege - 1/20/2010
Revision Note: V1.0 (January 20, 2010): Advisory published. Advisory Summary:Security Advisory
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 1/15/2010
Revision Note: V1.1 (January 15, 2010): Revised Executive Summary to reflect investigation of limited targeted attacks. Added Data Execution Protection (DEP) information to Mitigating Factors section. Updated "How does configuring the Internet zone security setting to High protect me from this vulnerability?" in the Frequently Asked Questions section. Advisory Summary:Microsoft is investigating...
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 1/14/2010
Revision Note: Advisory published. Advisory Summary:Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution - 1/12/2010
Revision Note: V1.0 (January 12, 2010): Advisory published. Advisory Summary:Security Advisory
Microsoft Security Advisory (954157): Security Enhancements for the Indeo Codec - 12/8/2009
Revision Note: V1.0 (December 8, 2009): Advisory published. Advisory Summary:Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Microsoft Security Advisory (973811): Extended Protection for Authentication - 12/8/2009
Revision Note: V1.2 (December 8, 2009): Updated the FAQ with information about three non-security updates relating to Windows HTTP Services, HTTP Protocol Stack, and Internet Information Services. Advisory Summary:Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of creden...
Microsoft Security Advisory (974926): Credential Relaying Attacks on Integrated Windows Authentication - 12/8/2009
Revision Note: V1.0 (December 8, 2009): Advisory published. Advisory Summary:This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect against these attacks.
Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 12/8/2009
Revision Note: V2.0 (December 8, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bulletin MS09-072 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-072. The v...
Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 11/25/2009
Revision Note: V1.1 (November 25, 2009): Corrected the CVE reference, added a mitigating factor concerning Web-based attacks, and clarified the workaround involving DEP. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and miti...
Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 11/23/2009
Revision Note: Advisory published. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
