advisory

  1. CERT warns against using several Netgear routers until a security fix is issued

    Netgear has published a security advisory noting that a handful of popular router models made by Netgear are affected by a serious security vulnerability that could allow remote hackers to take control. "Netgear has recently become aware of the security issue #582384 that allows unauthenticated...
    • kemical
    • Thread
    • advisory beta firmware command injection cve-2016-582384 firmware hackers netgear nighthawk patch r6250 r6400 r6700 r7000 r8000 remote access router security temporary solution vulnerability
    • Replies: 5
    • Forum: Windows Security

  2. Microsoft security advisory: Update for disabling RC4

    Continue reading...
    • News
    • Thread
    • advisory best practices cryptography cybersecurity encryption guidelines information microsoft network security patch rc4 safety security support tech news tech updates update vulnerability windows
    • Replies: 0
    • Forum: Knowledge Base (KB)

  3. Microsoft security advisory: Updated support for Diffie-Hellman Key Exchange

    Continue reading...
    • News
    • Thread
    • advisory diffie-hellman key exchange microsoft security support
    • Replies: 0
    • Forum: Knowledge Base (KB)

  4. 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0

    Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Continue reading...
    • News
    • Thread
    • advisory diffie-hellman extended security updates key exchange microsoft published revision note september technet version 1.0
    • Replies: 0
    • Forum: Security Alerts

  5. 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

    Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
    • News
    • Thread
    • advisory application data attacker cipher cipher suites client downgrade attack encryption falsestart man-in-the-middle microsoft mitm network security revision note security tls transport layer security update version 1.0
    • Replies: 0
    • Forum: Security Alerts

  6. 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

    Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
    • News
    • Thread
    • advisory application data cipher suites client downgrade attack encryption falsestart microsoft mitm network security protocol record revision note security server technet tls update version 1.0
    • Replies: 0
    • Forum: Security Alerts

  7. 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1

    Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NET Web Frameworks, and Tools and Microsoft ASP.NET and Web Tools. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about...
    • News
    • Thread
    • 2016 advisory asp.net components development february guidance information microsoft mvc5 mvc6 public versions revision security tampering tools update visual studio vulnerabilities web frameworks
    • Replies: 0
    • Forum: Security Alerts

  8. 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program -...

    Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy no longer allows root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of...
    • News
    • Thread
    • 2016 advisory attack certificate code signing deprecation digital certificates man-in-the-middle microsoft phishing policy change revision note root certificate security sha1 spoofing ssl technet v1.0 x.509
    • Replies: 0
    • Forum: Security Alerts

  9. 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0

    Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Continue reading...
    • News
    • Thread
    • 2016 activex advisory browser security content advisory cumulative update internet explorer kill bits microsoft patch management revision note security security advisory software update tech news update version 1.0 vulnerability web browsing
    • Replies: 0
    • Forum: Security Alerts

  10. 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0

    Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Continue reading...
    • News
    • Thread
    • 2016 activex advisory cumulative internet explorer kill bits microsoft revision note security update version 1.0 web security windows
    • Replies: 0
    • Forum: Security Alerts

  11. 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program -...

    Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy no longer allows root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of...
    • News
    • Thread
    • 2016 advisory attack certificate code signing content spoofing deprecation digital certificates hashing man-in-the-middle microsoft phishing policy change revision note root certificate security sha1 ssl x.509
    • Replies: 0
    • Forum: Security Alerts

  12. 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0

    Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...
    • News
    • Thread
    • advisory certificate cybersecurity digital certificates man-in-the-middle microsoft private keys security security advisory spoofing ssl supported releases technet tls update v1.0 vulnerability windows xbox live
    • Replies: 0
    • Forum: Security Alerts

  13. 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0

    Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...
    • News
    • Thread
    • 2015 advisory certificate cybersecurity digital certificates man-in-the-middle microsoft private keys revision note security spoofing ssl support technet tls update v1.0 vulnerability windows xbox live
    • Replies: 0
    • Forum: Security Alerts

  14. 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0

    Revision Note: V1.0 (November 30, 2015): Advisory published. Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate...
    • News
    • Thread
    • advisory attack prevention content spoofing cybersecurity dell digital certificates domain impersonation man-in-the-middle microsoft phishing private keys revision note security spoofing supported releases tech news v1.0 vulnerability windows
    • Replies: 0
    • Forum: Security Alerts

  15. 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0

    Revision Note: V1.0 (November 30, 2015): Advisory published. Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate...
    • News
    • Thread
    • 2015 advisory attack awareness content spoofing cybersecurity dell digital certificates impersonation man-in-the-middle microsoft phishing private keys revision security spoofing supported releases v1.0 vulnerability windows
    • Replies: 0
    • Forum: Security Alerts

  16. 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0

    Revision Note: V1.0 (November 10, 2015): Advisory published. Summary: Microsoft is announcing the availability of a security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain central processing unit (CPU) chipsets. Although the...
    • News
    • Thread
    • 2015 advisory chipset cpu denial of service exploitation hyper-v kernel-mode microsoft operating system patch security system update technology update version 1.0 virtualization weakness windows
    • Replies: 0
    • Forum: Security Alerts

  17. Microsoft security advisory: Update to improve AppLocker certificate handling: September 8,...

    Link Removed
    • News
    • Thread
    • advisory applocker certificate handling microsoft security september update
    • Replies: 0
    • Forum: Knowledge Base (KB)

  18. 3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation...

    Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Advisory published Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was...
    • News
    • Thread
    • 2015 admin rights advisory attack cybersecurity dll elevation of privilege exploit malicious software removal tool microsoft msrt privilege revision note risk security technet update vulnerability
    • Replies: 0
    • Forum: Security Alerts

  19. June 2015 Updates

    Today, as part of Update Tuesday, we released 8 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you...
    • News
    • Thread
    • 2015 advisory bulletin cybersecurity exploitability insecurity malware microsoft monthly update msrc patch security software update system patch technet threats update vulnerability windows update
    • Replies: 0
    • Forum: Security Alerts

  20. 3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0

    Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update adds...
    • News
    • Thread
    • advisory cipher cipher suites cryptography default encryption improvements microsoft os upgrade priority security server 2008 server 2012 system update update version 1.0 windows 7 windows 8 windows 8.1
    • Replies: 0
    • Forum: Security Alerts