Navigation section
advisory
-
3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Continue reading...- News
- Thread
- advisory diffie-hellman key exchange microsoft published revision note security update september 2016 technet version 1.0
- Replies: 0
- Forum: Security Alerts
-
3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...- News
- Thread
- advisory application data attacker cipher suites ciphers client downgrade attack encryption falsestart man-in-the-middle microsoft mitm network security revision note security tls transport layer security update version 1.0
- Replies: 0
- Forum: Security Alerts
-
3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...- News
- Thread
- advisory application data cipher suites client downgrade attacks encryption falsestart microsoft mitm network security protocol records revision note security server technet tls update version 1.0
- Replies: 0
- Forum: Security Alerts
-
3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NET Web Frameworks, and Tools and Microsoft ASP.NET and Web Tools. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about...- News
- Thread
- 2016 advisory asp.net components development february guidance information microsoft mvc5 mvc6 public versions revision security tampering tools update visual studio vulnerabilities web frameworks
- Replies: 0
- Forum: Security Alerts
-
3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program -...
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy no longer allows root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of...- News
- Thread
- 2016 advisory attacks code signing deprecation digital certificates man-in-the-middle microsoft phishing policy change revision note root certificate security sha-1 spoofing ssl technet v1.0 x.509
- Replies: 0
- Forum: Security Alerts
-
3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Continue reading...- News
- Thread
- activex advisory browser security content advisory cumulative update internet explorer january 2016 kill bits microsoft patch management revision note security security advisory software update tech news update version 1.0 vulnerability web browsing
- Replies: 0
- Forum: Security Alerts
-
3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Continue reading...- News
- Thread
- activex advisory cumulative internet explorer january 2016 kill bits microsoft revision note security update version 1.0 web security windows
- Replies: 0
- Forum: Security Alerts
-
3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program -...
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy no longer allows root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of...- News
- Thread
- 2016 advisory attacks code signing content spoofing deprecation digital certificates hashing algorithm man-in-the-middle microsoft phishing policy change revision note root certificate security sha-1 ssl x.509
- Replies: 0
- Forum: Security Alerts
-
3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...- News
- Thread
- advisory certificate cybersecurity digital certificate man-in-the-middle microsoft private keys security security advisory spoofing ssl supported releases technet tls update v1.0 vulnerability windows xbox live
- Replies: 0
- Forum: Security Alerts
-
3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...- News
- Thread
- 2015 advisory certificate cybersecurity digital certificate man-in-the-middle microsoft private keys revision note security spoofing ssl support technet tls update v1.0 vulnerability windows xbox live
- Replies: 0
- Forum: Security Alerts
-
3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
Revision Note: V1.0 (November 30, 2015): Advisory published. Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate...- News
- Thread
- advisory attack prevention content spoofing cybersecurity dell inc digital certificates domain impersonation man-in-the-middle microsoft phishing private keys revision note security software vulnerability spoofing supported releases tech news v1.0 windows
- Replies: 0
- Forum: Security Alerts
-
3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
Revision Note: V1.0 (November 30, 2015): Advisory published. Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate...- News
- Thread
- 2015 advisory attack awareness content spoofing cybersecurity dell digital certificates impersonation man-in-the-middle microsoft phishing private keys revision security spoofing supported releases v1.0 vulnerability windows
- Replies: 0
- Forum: Security Alerts
-
3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
Revision Note: V1.0 (November 10, 2015): Advisory published. Summary: Microsoft is announcing the availability of a security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain central processing unit (CPU) chipsets. Although the...- News
- Thread
- 2015 advisory chipset cpu denial of service exploitation hyper-v kernel mode microsoft patch security system update technology update version 1.0 virtualization weakness windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft security advisory: Update to improve AppLocker certificate handling: September 8,...
Link Removed- News
- Thread
- advisory applocker certificate handling microsoft security september update
- Replies: 0
- Forum: Knowledge Base (KB)
-
3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation...
Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Advisory published Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was...- News
- Thread
- 2015 administrative rights advisory attack cybersecurity dll elevation of privilege exploit malicious software removal tool microsoft msrt privileges revision note risk security system security technet update vulnerability
- Replies: 0
- Forum: Security Alerts
-
June 2015 Updates
Today, as part of Update Tuesday, we released 8 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you...- News
- Thread
- advisory bulletins cybersecurity exploitability index insecurity it security june 2015 malware microsoft monthly update msrc patch security software update system patch technet threat updates vulnerability windows update
- Replies: 0
- Forum: Security Alerts
-
3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update adds...- News
- Thread
- advisory cipher cipher suites cryptography default encryption improvements microsoft os update priority security server 2008 server 2012 server 2012 r2 system update update version 1.0 windows 7 windows 8 windows 8.1
- Replies: 0
- Forum: Security Alerts
-
May 2015 Updates
Today, as part of Update Tuesday, we released 13 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you...- News
- Thread
- advisory bulletins customer advisory cybersecurity exploitability index follow information may updates microsoft msrc networking patch security technet threats twitter update tuesday updates vulnerabilities windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft security advisory: Update to default cipher suite priority order: May 12, 2015
Link Removed- News
- Thread
- 2015 advisory cipher may microsoft order priority security suite update
- Replies: 0
- Forum: Knowledge Base (KB)
-
3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update adds...- News
- Thread
- advisory cipher cryptography default encryption improvements prioritization security suite update windows 7 windows 8 windows 8.1 windows server
- Replies: 0
- Forum: Security Alerts