advisory

Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could...

Revision Note: V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section. Summary: Microsoft is announcing the availability of updates as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Microsoft...

Revision Note: V1.0 (August 13, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...

Revision Note: V1.0 (August 13, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...

Revision Note: V1.0 (August 13, 2013): Advisory published. Summary: Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-level Authentication in the Remote Desktop Protocol. Microsoft will continue to announce additional updates via this advisory, all...

Revision Note: V1.0 (August 10, 2010): Advisory published. Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help...

Revision Note: V2.0 (August 10, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-049 to address this issue. For more information about this issue, including...

Revision Note: V2.0 (June 30, 2011): Announced that the Office File Validation Add-in described in Microsoft Knowledge Base Article 2501584 is available through the Microsoft Update service. Summary: Microsoft is announcing the availability of the Office File Validation feature for supported...

Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue, including...

Revision Note: V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletins. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-087 to address this issue. For more information about this issue, including...

Revision Note: V1.0 (August 9, 2011): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. Continue reading...

Revision Note: V1.0 (June 11, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce additional...

Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only. Summary: Microsoft is announcing the availability of an automated...

Revision Note: V1.0 (May 8, 2012): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. Continue reading...

Revision Note: V1.0 (March 13, 2012): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. Continue reading...

Revision Note: V1.2 (September 5, 2012): Corrected the common name for the "CN=Microsoft Online Svcs BPOS APAC CA4" certificate issued by Microsoft Services PCA. Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a...

Revision Note: V1.0 (September 11, 2012): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. Continue reading...

Revision Note: V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060 to the list of available rereleases...

Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do...

Revision Note: V1.0 (May 14, 2013): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. Continue reading...