Revision Note: V1.1 (December 31, 2012): Added link to Microsoft Fix it solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
Summary: Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer...
Severity Rating: Important
Revision Note: V1.0 (January 8, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker...
Severity Rating: Important
Revision Note: V1.0 (January 8, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass...
Hello,
Today we released Security Advisory 2798897 to notify customers that we are aware of active attacks using a fraudulent digital certificate issued by TURKTRUST Inc. To help protect customers, we have updated the Certificate Trust List (CTL) to remove the trust of the certificates causing...
Revision Note: V1.0 (January 3, 2013): Advisory published.
Summary: Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be...
Severity Rating: Critical
Revision Note: V1.0 (September 21, 2012): Bulletin published.
Summary: This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code...
Revision Note: V1.0 (September 17, 2012): Advisory published.
Summary: Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of...
Revision Note: V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email...
Revision Note: V1.0 (August 14, 2012): Advisory published.
Summary: Microsoft is announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. The private keys used in these certificates can be derived and could...
Severity Rating: Critical
Revision Note: V1.0 (August 14, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website...
Severity Rating: Important
Revision Note: V1.0 (July 10, 2012): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file or directory with...
Severity Rating: Important
Revision Note: V1.0 (July 10, 2012): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served...
Severity Rating: Important
Revision Note: V1.0 (June 12, 2012): Bulletin published.
Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of...
Revision Note: V1.0 (June 3, 2012): Advisory published.
Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...
Today, as a part of our continuing phased mitigation strategy recently discussed, we have initiated the additional hardening of Windows Update. We’ve also provided more information about the MD5 hash-collision attacks used by the Flame malware in the SRD blog. This information should help...
Hello,
At Microsoft, our commitment is to help ensure customer trust in their computing experience. That was the impetus for Trustworthy Computing, and central to that is the priority we place on taking the necessary actions to help protect our customers.
Yesterday, we issued Security Advisory...
Severity Rating: Critical
Revision Note: V1.2 (May 22, 2012): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision.
Summary: This security update resolves three publicly disclosed vulnerabilities and seven...