advisory

  1. Security Advisory 2982792 released, Certificate Trust List updated

    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties...
  2. Microsoft security advisory: Improperly issued digital certificates could allow spoofing

  3. Microsoft releases Security Advisory 2974294

    Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a...
  4. Advance Notification Service for the June 2014 Security Bulletin Release

    Today we provide advance notification for the release of seven Bulletins, two rated Critical and five rated Important in severity. These Updates are for Microsoft Word, Microsoft Office and Internet Explorer. The Update for Internet Explorer addresses Link Removed, which we have not seen used in...
  5. Update for Disabling RC4 in .NET TLS - Version: 1.0

    Revision Note: V1.0 (May 13, 2014): Advisory published. Summary: Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to...
  6. Update Rollup of Revoked Non-Compliant UEFI Modules - Version: 1.0

    Revision Note: V1.0 (May 13, 2014): Advisory published. Summary: With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot.
  7. Out-of-Band Release to Address Microsoft Security Advisory 2963983

    At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser. The majority of...
  8. Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in...

    Severity Rating: Revision Note: V22.0 (April 8, 2014): Added the 2942844 update to the Current Update section. Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT...
  9. Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass - Version: 1.1

    Severity Rating: Revision Note: V1.1 (February 28, 2014): Advisory revised to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no...
  10. Update to Revoke Non-compliant UEFI Modules - Version: 2.0

    Severity Rating: Revision Note: V2.0 (February 27, 2014): Revised advisory to rerelease update 2871690. The rereleased update addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update. Customers who have already successfully...
  11. Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution - Version: 2.0

    Severity Rating: Revision Note: V2.0 (December 10, 2013): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS13-096 to address the Microsoft Graphics Component Memory...
  12. Update for Disabling RC4 - Version: 1.0

    Severity Rating: Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update...
  13. Update For Minimum Certificate Key Length - Version: 2.0

    Severity Rating: Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the...
  14. Update Rollup for ActiveX Kill Bits - Version: 1.0

    Severity Rating: Revision Note: V1.0 (May 8, 2012): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
  15. Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution - Version: 2.0

    Severity Rating: Revision Note: V2.0 (July 10, 2012): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-043 to address this issue. For more information about this...
  16. Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Version: 2.0

    Severity Rating: Revision Note: V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletins. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-087 to address this issue. For more information about this...
  17. Microsoft Security Advisory (2905247): Insecure ASP.NET Site Configuration Could Allow...

    Severity Rating: Revision Note: V1.0 (December 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through...
  18. Microsoft Releases Security Advisory 2953095

    Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich...
  19. Advance Notification Service for the March 2014 Security Bulletin Release

    Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and three rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first...
  20. Microsoft Releases Security Advisory 2934088

    Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users...