Original release date: January 17, 2014 | Last revised: February 09, 2014
Systems Affected
Certain UDP protocols have been identified as potential attack vectors:
DNS
NTP
SNMPv2
NetBIOS
SSDP
CharGEN
QOTD
BitTorrent
Kad
Quake Network Protocol
Steam Protocol
Overview
A Distributed...
Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only.
Summary: Microsoft is announcing the availability of an automated...
Severity Rating: Important
Revision Note: V1.0 (January 14, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially...
Original release date: January 13, 2014 | Last revised: January 14, 2014
Systems Affected
NTP servers
Overview
A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible NTP servers to...
Severity Rating: Important
Revision Note: V1.1 (December 16, 2013): Revised bulletin to announce a detection change to correct an offering issue for Windows RT (2829361) and Windows RT (2830290). This is a detection change only. There were no changes to the update files. Customers who have...
Tags: attack, detection change, drivers, elevation, important, kernel-mode, local access, microsoft, ms13-046, patch, privilege, revision, security, update, vulnerabilities, windows, windows rt
Severity Rating: Important
Revision Note: V1.0 (December 10, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted LPC port message to any LPC...
As the proliferation of devices continues to capture the imagination of consumers and has ignited what is referred to as the bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost...
Tags: activesync, attack, authentication, byod, certificate, cost savings, cybersecurity, device management, encryption, exchange, it department, malware, policy, productivity, security, security features, third party, trustworthy computing, user education, windows phone
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
Severity Rating: Critical
Revision Note: V1.2 (October 8, 2013): Bulletin revised to announce that the 2884101 update is available via Windows Update.
Summary: This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The...
Severity Rating: Important
Revision Note: V1.2 (October 8, 2013): Bulletin revised to announce a detection change in the 2781197 package. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update...
Severity Rating: Important
Revision Note: V1.0 (October 8, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially...
Severity Rating: Important
Revision Note: V1.0 (October 8, 2013): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an...
Severity Rating: Important
Revision Note: V1.0 (September 10, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker convinces an authenticated user to execute...
Severity Rating: Important
Revision Note: V1.0 (August 13, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if the attacker sends a specially crafted ICMP packet to the...
Severity Rating: Critical
Revision Note: V1.0 (August 13, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Unicode Scripts Processor included in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed a...
Tags: admin rights, application, attack, critical, documents, embedded fonts, execution, exploitation, extended security updates, microsoft, ms13-060, opentype, privately reported, remote code execution, system impact, unicode, user account, user rights, vulnerability, webpage
Revision Note: V1.0 (August 13, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...
Tags: advisory, attack, certificate, deprecation, hashing, information, man-in-the-middle, md5, microsoft, phishing, root certificate, safety, security, technology, update, vulnerability, windows 7, windows 8, windows server, windows vista
Revision Note: V1.0 (August 10, 2010): Advisory published.
Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help...
Severity Rating: Critical
Revision Note: V2.1 (July 9, 2013): Bulletin revised to announce a detection change that excludes Windows 7 language packs from the 2485376 update for Windows XP Professional x64 Edition Service Pack 2. This is a detection change only. Customers who have already...
Tags: attack, cff driver, critical, detection, email, execution, fonts, messenger, ms11-007, opentype, patch, remote, security, update, user action, vulnerability, web security, windows 7, windows xp