advisory

  1. News

    Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code...

    Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only. Summary: Microsoft is announcing the availability of an automated...
  2. News

    Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the Link Removed. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a new blog on the Microsoft Security Blog site on...
  3. News

    MS13-002 - Critical : Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code...

    Severity Rating: Critical Revision Note: V1.2 (December 16, 2013): Revised bulletin to announce a detection change to correct an offering issue for Windows RT (2757638). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the...
  4. News

    Microsoft Releases Security Advisory 2896666

    Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South...
  5. News

    Omphaloskepsis and the December 2013 Security Update Release

    There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...
  6. News

    Microsoft security advisory: Improperly issued digital certificates could allow spoofing

    Link Removed
  7. News

    Microsoft Security Advisory (2915720): Changes in Windows Authenticode Signature Verification...

    Revision Note: V1.0 (December 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...
  8. News

    Microsoft Security Advisory (2905247): Insecure ASP.NET Site Configuration Could Allow...

    Revision Note: V1.0 (December, 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration...
  9. News

    Microsoft Security Advisory (2915720): Changes in Windows Authenticode Signature Verification...

    Revision Note: V1.0 (December 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...
  10. News

    Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow...

    Revision Note: V1.0 (December 9, 2013): Advisory published. Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was...
  11. News

    Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow...

    Revision Note: V1.0 (November 27, 2013): Advisory published. Summary: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Continue reading...
  12. News

    Microsoft Releases Security Advisory 2914486

    Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) Link...
  13. News

    Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
  14. News

    Microsoft Security Advisory (2862152): Vulnerability in DirectAccess Could Allow Security...

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. Continue reading...
  15. News

    Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
  16. News

    Microsoft Security Advisory (2868725): Update for Disabling RC4 - Version: 1.0

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the...
  17. News

    Microsoft Security Advisory (2868725): Update for Disabling RC4 - Version: 1.0

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the...
  18. News

    Microsoft Security Advisory (2862152): Vulnerability in DirectAccess Could Allow Security...

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. Continue reading...
  19. News

    Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin...

    Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While...
  20. News

    The October 2013 security updates

    This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...
Back
Top