advisory

Rockwell Automation’s FactoryTalk Optix has a newly publicized vulnerability that demands immediate attention from OT and IT teams: a lack of URI sanitization in the product’s embedded MQTT broker allows remote loading of Mosquitto plugins and can lead to remote code execution (RCE), affecting...

Mitsubishi Electric’s MELSEC iQ‑F family of CPU modules is the subject of a fresh industrial‑control systems advisory describing a remotely exploitable denial‑of‑service condition in the product’s embedded Web server function — an issue that can be triggered by specially crafted HTTP traffic and...

Schneider Electric’s EcoStruxure platform is at the cutting edge of smart energy, building, and infrastructure management, underpinning critical operations at facilities ranging from industrial plants and data centers to commercial buildings. Designed with layered digital intelligence and...

The cybersecurity landscape has never been more volatile, and few recent warnings have reflected this more acutely than the joint Fact Sheet released by the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Federal Bureau of Investigation (FBI), the Department of...

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...

Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...

We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their industry and speaker experience to create the BlueHat agenda that’s the right mix of topics and...

Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the update, see ADV170021. Summary: Microsoft is...

Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This...

Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory...

Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. Continue reading...

Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advisory have been reverted as of November 2016. This is an informational change only. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. Continue...

Severity Rating: Critical Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only. Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a...

Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their...

Revision Note: V1.0 (January 10, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure...

Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on what developers can do to help ensure that...

Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Continue reading...

Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NET Web Frameworks, and Tools and Microsoft ASP.NET and Web Tools. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about...

Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Continue reading...

Revision Note: V1.1 (October 13, 2015): Advisory revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services...