advisory

Today, as part of Update Tuesday, we released 13 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you...

Link Removed

Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update adds...

Link Removed

Revision Note: V1.0 (May 1, 2015): V1.0 (May 1, 2015): Advisory published. Summary: Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves...

Today, as part of Update Tuesday, we released 11 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you...

Revision Note: V1.0 (March 24, 2015): Advisory published. Summary: Microsoft is aware of improperly issued digital certificates coming from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The...

Revision Note: V1.0 (March 16, 2015): Advisory published. Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported...

Revision Note: V1.0 (March 16, 2015): Advisory published. Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported...

Revision Note: V1.0 (March 10, 2015): Advisory published. Summary: Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update...

Today, we released Link Removed to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys). Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team Continue reading...

Severity Rating: Important Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information. Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...

Link Removed

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. We...

For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices...

Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains...

Revision Note: V1.0 (October 21, 2014): Advisory published. Summary: Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft...

Microsoft have withdrawn a recently released security patch for Windows 7 due to issues: Ref: https://technet.microsoft.com/en-us/library/security/2949927

Revision Note: V1.0 (October 14, 2014): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. Windows 8, Windows 8.1, Windows Server...

Today, we released Link Removed to address a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability that affects the protocol itself, and is not specific to Microsoft’s implementation of SSL or the Windows operating...