attack

Original release date: January 24, 2019 Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised...

Original release date: May 21, 2018 Systems Affected CPU hardware implementations Overview On May 21, 2018, new variants—known as 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were Link Removed. These variants can allow an attacker to obtain access to...

Original release date: June 12, 2017 | Last revised: July 27, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial...

In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard...

Severity Rating: Important Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an Information Disclosure if Windows DirectShow opens specially crafted media content that is hosted on...

Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...

Original release date: October 14, 2016 Systems Affected Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data Overview Recently, IoT devices...

Severity Rating: Important Revision Note: V1.0 (June 14, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application...

Original release date: May 23, 2016 Systems Affected Windows, OS X, Linux systems, and web browsers with WPAD enabled Overview Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching...

Severity Rating: Important Revision Note: V1.0 (May 10, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and...

Severity Rating: Important Revision Note: V1.0 (January 12, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted...

Severity Rating: Critical Revision Note: V1.0 (January 12, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who...

Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate...

Severity Rating: Important Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a...

Severity Rating: Important Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a...

Severity Rating: Important Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a...

Severity Rating: Important Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an...