Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Security Advisory 2868725: Recommendation to disable RC4

    In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secure alternative...
  • Blog Post: Is SSL broken? – More about Security Bulletin MS12-006 (previously known as Security Advisory 2588513)

    On January 10 th , Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0 . Here we would like to give further information about the technique used to exploit this vulnerability and workaround options Microsoft has released if you discover a compatibility...
  • Blog Post: MS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability

    This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols assume that data received after a TLS renegotiation is sent by the same client as before the renegotiation...
  • Blog Post: MS10-049: A remote Code Execution vulnerability in SChannel, CVE-2010-2566

    In MS10-049, we are also addressing a second vulnerability, CVE-2010-2566 . This is a vulnerability in schannel.dll which can potentially lead to Remote Code Execution. The vulnerability is present only in Windows XP and Windows Server 2003, and does not affect Windows Vista, Windows Server 2008, Windows...