Sign in
Security Research & Defense
Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance
Connect
Postings are provided "AS IS" with no warranties, and confers no rights.
Get alerts when we update our blog!
Tags
.NET Framework
ActiveX
Adobe
ATL
Attack
Attack Surface Reduction
Attack Vector
authentication bypass
AutoPlay
AutoRun
CanSecWest
classid
clsid
COM
Defense-in-depth
DEP
detection
disassembly
dns
EMET
Exploitability
exploitation
FixIt
Font
full-disclosure
gdiplus
GS
HTML
ICMP
IE
IGMP
IIS
Internet Explorer (IE)
ISATAP
kernel
Killbit
malware
Man-in-the-Middle
Microsoft Office
Mitigations
ModSecurity
MS08-001
MS08-067
MS09-032
MS09-034
MS09-035
MS09-056
MS09-061
MS09-062
MS09-063
MS09-064
MS09-065
MS12-043
MSHTML
msmq
msvidctl
MSXML
MSXML5
multicast group
netmon
network
network capture
network protocol
NTLM
Open XML
phoenix bit
PKI
ProbeForRead
ProbeForWrite
protocol handlers
quartz.dll
rating
registry
Risk Asessment
RPC
safe for initialization
safe for scripting
Schannel
Security Bulletin
Security Science
Security Tools
security zones
SharePoint
signing
SMB
spoofing
SQL
SQL Injection
timing attack
TLS
tools
Visual Studio
win32k.sys
Windows Media components
WINS
Workarounds
XBAP
XSS
XSS Filter
Zero-Day Exploit
Browse by Tags
TechNet Blogs
>
Security Research & Defense
>
All Tags
>
schannel
Tagged Content List
Blog Post:
Is SSL broken? – More about Security Bulletin MS12-006 (previously known as Security Advisory 2588513)
swiat
On January 10 th , Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0 . Here we would like to give further information about the technique used to exploit this vulnerability and workaround options Microsoft has released if you discover a compatibility...
on
26 Sep 2011
Blog Post:
MS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability
swiat
This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols assume that data received after a TLS renegotiation is sent by the same client as before the renegotiation...
on
10 Aug 2010
Blog Post:
MS10-049: A remote Code Execution vulnerability in SChannel, CVE-2010-2566
swiat
In MS10-049, we are also addressing a second vulnerability, CVE-2010-2566 . This is a vulnerability in schannel.dll which can potentially lead to Remote Code Execution. The vulnerability is present only in Windows XP and Windows Server 2003, and does not affect Windows Vista, Windows Server 2008, Windows...
on
10 Aug 2010
Page 1 of 1 (3 items)