Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only.
Summary: Microsoft is announcing the availability of an automated...
advisory
arbitrary code
attacks
automated solution
fix it
gadgets
informational
microsoft
protection
remote code
security
update
vulnerabilities
windows 7
windows sidebar
windows vista
Today we’re publishing the Link Removed. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247.
We also wanted to note a new blog on the Microsoft Security Blog site on...
Severity Rating: Critical
Revision Note: V1.2 (December 16, 2013): Revised bulletin to announce a detection change to correct an offering issue for Windows RT (2757638). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the...
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South...
advisory
anti-spyware
anti-virus
caution
computer protection
emet
exploit
firewall
malicious email
metigations
office 2003
office 2010
security
server 2008
threat monitoring
tiff codec
user awareness
user rights
vulnerability
windows vista
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...
advisory
asp.net
authenticode
bulletin
code execution
cumulative update
cves
december 2013
deployment
internet explorer
it staff
microsoft
mitigation
patch management
remote code execution
security update
severity
update tuesday
vulnerability
windows
Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...
Revision Note: V1.0 (December, 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration...
Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...
Revision Note: V1.0 (December 9, 2013): Advisory published.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was...
Revision Note: V1.0 (November 27, 2013): Advisory published.
Summary: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability.
Continue reading...
Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) Link...
advisory
anti-virus
cybersecurity
email safety
firewalls
local privilege
malicious pdf
microsoft
protect your computer
remote code execution
security
security update
server 2003
tech support
threat landscape
updates
user guidance
windows xp
workarounds
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients.
Continue reading...
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the...
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the...
advisory
applications
cipher
cryptography
cybersecurity
developers
microsoft
rc4
registry
schannel
security
supported editions
update
v1.0
version 1.0
weaknesses
windows 7
windows 8
windows server
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients.
Continue reading...
Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office.
While...
advisory
bulletin
critical
deployment
gdi+
important
internet explorer
lync
office
office 2003
office 2007
office 2010
risk analysis
security
updates
vulnerabilities
windows
windows server
windows vista
windows xp
This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...
.net framework
advisory
bulletins
cve
deployment
exploitability
internet explorer
md5
microsoft
october
office
remote code execution
security
sharepoint
ssl
trustworthy computing
updates
vulnerabilities
webcast
windows