Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS08-001 (part 3) – The case of the IGMP network critical

    This is the final post in the three-part series covering MS08-001. In this post we’ll look at the IGMP vulnerability (CVE-2007-0069) and why we think successful exploitation for remote code execution is not likely. This vulnerability is around Windows’ handling of the IGMP and MLD protocols. These...
  • Blog Post: MS08-001 (part 2) – The case of the Moderate ICMP mitigations

    This is the second post in the three-part series covering MS08-001 . In this post we’ll look at the ICMP vulnerability (CVE-2007-0066) in more detail. This vulnerability is caused by Windows TCP/IP’s handling of the ICMP protocol, specifically regarding router advertisement messages. This post covers...
  • Blog Post: MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities

    Security bulletin MS08-001 addresses vulnerabilities described by two separate CVE numbers, as you can see in the bulletin. This post provides an overview of the two issues, the affected platforms and notes on the severity. We’ll be following this post up with two further entries that look at each issue...