Today we released two bulletins to address vulnerabilities in SMB. MS10-006 addresses two vulnerabilities in the SMBv1 client implementation, and MS10-012addresses four vulnerabilities in the SMB server implementation. In this blog entry, we want to he…
This morning, we released 13 security bulletins. Five have maximum severity rating of Critical, seven Important, and one Moderate. One security bulletin (MS10-015, ntvdm.dll) has exploit code already published, but we are not aware of any active attack…
Security Advisory 977377: Vulnerability in TLS Could Allow Spoofing
In August of 2009, researchers at PhoneFactor discovered a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. As the issue is present in the …
Today we are releasing MS10-007 to address a URL validation issue generally applicable to the ShellExecute API.
How would a malicious user leverage this vulnerability?
This issue involves how ShellExecute handles strings that appear to be legitimate UR…
