Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS12-083: Addressing a missing certificate revocation check in IP-HTTPS

    MS12-083 is being released to address a Security Feature Bypass, a class of vulnerability for which we do not frequently release security updates. This is the third such instance, with MS12-001 and MS12-032 previously having addressed Security Feature bypasses. The security feature being bypassed in...
  • Blog Post: More information about the IIS authentication bypass

    Security Advisory 971492 provides official guidance about the new IIS authentication bypass vulnerability. We’d like to go into more detail in this blog to help you understand: Am I at risk? If so, what could happen? How can I protect myself? Which IIS configurations are at risk? Only...
  • Blog Post: Answers to the IIS WebDAV authentication bypass questions

    We have heard several questions from customers about the WebDAV authentication bypass issue on IIS. We wanted to post common questions and answers here to help anyone else who might have the same question. Question: Is Sharepoint vulnerable to the authentication bypass? Answer: No , Sharepoint...