-
Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the Link Removed. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a new blog on the Microsoft Security Blog site on...- News
- Thread
- 2014 predictions advisory attendee registration blog bulletin communication cyber threats december 2013 deployment graphics holiday live event microsoft predictions q&a ransomware regulation security trustworthy computing webcast
- Replies: 0
- Forum: Security Alerts
-
MS13-002 - Critical : Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code...
Severity Rating: Critical Revision Note: V1.2 (December 16, 2013): Revised bulletin to announce a detection change to correct an offering issue for Windows RT (2757638). This is a detection change only. There were no changes to the update files. Customers who have successfully installed the...- News
- Thread
- advisory critical internet explorer ms11-003 remote code execution security update vulnerability windows rt xml core services
- Replies: 0
- Forum: Security Alerts
-
Microsoft Releases Security Advisory 2896666
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South...- News
- Thread
- advisory antivirus caution emet exploit firewall malicious emails metigations office 2003 office 2010 security server 2008 spyware system protection threat analysis tiff codec user awareness user rights vulnerability windows vista
- Replies: 0
- Forum: Security Alerts
-
Omphaloskepsis and the December 2013 Security Update Release
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...- News
- Thread
- advisory asp.net authenticode bulletin cumulative update cve december 2013 deployment execution extended security updates internet explorer microsoft mitigation patch management remote code execution staff update tuesday vulnerability windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft security advisory: Improperly issued digital certificates could allow spoofing
Link Removed- News
- Thread
- advisory digital certificates microsoft security spoofing
- Replies: 0
- Forum: Knowledge Base (KB)
-
Microsoft Security Advisory (2915720): Changes in Windows Authenticode Signature Verification...
Revision Note: V1.0 (December 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...- News
- Thread
- advisory authenticode behavior binaries change microsoft non-compliant publication regulatory compliance release release notes revision security security bulletin signature technical update verification windows win_certificate
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2905247): Insecure ASP.NET Site Configuration Could Allow...
Revision Note: V1.0 (December, 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration...- News
- Thread
- advisory asp.net certification elevation framework microsoft privilege security update vulnerability
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2915720): Changes in Windows Authenticode Signature Verification...
Revision Note: V1.0 (December 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...- News
- Thread
- advisory authenticode binaries bulletin infrastructure microsoft regulatory compliance security signature update verification windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow...
Revision Note: V1.0 (December 9, 2013): Advisory published. Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was...- News
- Thread
- advisory certificate digital certificates man-in-the-middle microsoft phishing security spoofing trusted root windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow...
Revision Note: V1.0 (November 27, 2013): Advisory published. Summary: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Continue reading...- News
- Thread
- advisory cybersecurity exploitation kernel microsoft patch security vulnerability windows server windows xp
- Replies: 0
- Forum: Security Alerts
-
Microsoft Releases Security Advisory 2914486
Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) Link...- News
- Thread
- advisory antivirus cybersecurity email security extended security updates firewall guidance local privilege malicious pdf microsoft remote code execution security server 2003 system protection tech support threat landscape update windows xp workaround
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...
Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...- News
- Thread
- advisory algorithms attack certificate code signing digital security hashing man-in-the-middle microsoft phishing policy change revision note root certificate security sha1 spoofing ssl v1.0 x.509
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2862152): Vulnerability in DirectAccess Could Allow Security...
Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. Continue reading...- News
- Thread
- advisory authentication directaccess microsoft security update vulnerability windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...
Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...- News
- Thread
- advisory attack certificate code signing cybersecurity digital certificates hashing man-in-the-middle microsoft phishing policy policy change root certificate security sha1 spoofing ssl vulnerability x.509
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2868725): Update for Disabling RC4 - Version: 1.0
Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the...- News
- Thread
- advisory cipher cryptography microsoft rc4 security update windows 7 windows 8 windows server
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2868725): Update for Disabling RC4 - Version: 1.0
Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the...- News
- Thread
- advisory application cipher cryptography cybersecurity developers microsoft rc4 registry schannel security supported editions update v1.0 version 1.0 weakness windows 7 windows 8 windows server
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2862152): Vulnerability in DirectAccess Could Allow Security...
Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. Continue reading...- News
- Thread
- 2013 advisory authentication directaccess microsoft november security update vulnerability windows
- Replies: 0
- Forum: Security Alerts
-
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin...
Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While...- News
- Thread
- advisory bulletin critical deployment gdi+ important internet explorer lync office office 2003 office 2007 office 2010 risk assessment security update vulnerability windows windows server windows vista windows xp
- Replies: 8
- Forum: Security Alerts
-
The October 2013 security updates
This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...- News
- Thread
- advisory bulletin cve deployment exploitability internet explorer md5 microsoft net framework october office remote code execution security sharepoint ssl trustworthy computing update vulnerability webcast windows
- Replies: 0
- Forum: Security Alerts
-
Microsoft Releases Security Advisory 2887505
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could...- News
- Thread
- active scripting activex controls advisory antivirus caution cve-2013-3893 cybersecurity firewall fix internet explorer microsoft mitigation remote code execution response communications security security zone software update threat landscape trusted sites vulnerability
- Replies: 0
- Forum: Security Alerts