attacks

  1. News

    Ending support for the RC4 cipher in Microsoft Edge and Internet Explorer 11

    Today, Microsoft is announcing the end-of-support of the RC4 cipher in Microsoft Edge and Internet Explorer 11. Starting in early 2016, the RC4 cipher will be disabled by-default and will not be used during TLS fallback negotiations. There is consensus across the industry that RC4 is no longer...
  2. News

    MS15-055 - Important: Vulnerability in Schannel Could Allow Information Disclosure...

    Severity Rating: Important Revision Note: V1.0 (May 12, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral...
  3. News

    3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 1.1

    Severity Rating: Important Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information. Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...
  4. News

    TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,...

    Original release date: September 25, 2014 Systems Affected GNU Bash through 4.3. Linux, BSD, and UNIX distributions including but not limited to: CentOS 5 through 7 Debian Mac OS X Red Hat Enterprise Linux 4 through 7 Link Removed 10.04 LTS, 12.04 LTS, and 14.04 LTS Overview A critical...
  5. whoosh

    VIDEO UFO Attacks & Kills 9 Hikers In Russia For Real Pictures

    :shocked: :andwhat:
  6. News

    MS14-044 - Important: Vulnerabilities in SQL Server Could Allow Elevation of Privilege...

    Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management...
  7. News

    TA14-017A: UDP-based Amplification Attacks

    Original release date: January 17, 2014 | Last revised: March 07, 2014 Systems Affected Certain UDP protocols have been identified as potential attack vectors: DNS NTP SNMPv2 NetBIOS SSDP CharGEN QOTD BitTorrent Kad Quake Network Protocol Steam Protocol Overview A Distributed Reflective...
  8. News

    Security Advisory 2982792 released, Certificate Trust List updated

    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties...
  9. News

    Vulnerabilities in Gadgets Could Allow Remote Code Execution - Version: 1.1

    Severity Rating: Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only. Summary: Microsoft is announcing the availability of...
  10. News

    Extended Protection for Authentication - Version: 1.14

    Severity Rating: Revision Note: V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to...
  11. News

    Fraudulent Digital Certificates Could Allow Spoofing - Version: 1.1

    Severity Rating: Revision Note: V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?" Summary...
  12. News

    Update For Minimum Certificate Key Length - Version: 2.0

    Severity Rating: Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the...
  13. News

    Fraudulent Digital Certificates Could Allow Spoofing - Version: 5.0

    Severity Rating: Revision Note: V5.0 (September 19, 2011): Revised to announce the rerelease of the KB2616676 update. See the Update FAQ in this advisory for more information. Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a...
  14. News

    Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code...

    Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only. Summary: Microsoft is announcing the availability of an automated...
  15. News

    Security and policy surrounding bring your own devices (BYOD)

    As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost...
  16. News

    Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
  17. News

    Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...

    Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
  18. News

    Microsoft Security Advisory (2862973): Update for Deprecation of MD5 Hashing Algorithm for...

    Revision Note: V1.0 (August 13, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...
  19. News

    Microsoft Security Advisory (2862973): Update for Deprecation of MD5 Hashing Algorithm for...

    Revision Note: V1.0 (August 13, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...
  20. News

    Microsoft Security Advisory (2264072): Elevation of Privilege Using Windows Service Isolation...

    Revision Note: V1.0 (August 10, 2010): Advisory published. Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help...
Back
Top