Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: MS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability

    This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols assume that data received after a TLS renegotiation is sent by the same client as before the renegotiation...
  • Blog Post: MS10-049: A remote Code Execution vulnerability in SChannel, CVE-2010-2566

    In MS10-049, we are also addressing a second vulnerability, CVE-2010-2566 . This is a vulnerability in schannel.dll which can potentially lead to Remote Code Execution. The vulnerability is present only in Windows XP and Windows Server 2003, and does not affect Windows Vista, Windows Server 2008, Windows...