Today, Microsoft is announcing the end-of-support of the RC4 cipher in Microsoft Edge and Internet Explorer 11. Starting in early 2016, the RC4 cipher will be disabled by-default and will not be used during TLS fallback negotiations.
There is consensus across the industry that RC4 is no longer...
attacks
cipher
cryptography
edge
encryption
end of support
fallback
industry consensus
internet explorer
microsoft
rc4
security
security advisory
support
tls
user advice
web browsers
windows 10
windows 7
windows 8.1
Severity Rating: Important
Revision Note: V1.0 (May 12, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral...
attacks
bit length
bulletin
configuration
dhe
diffie-hellman
encryption
information disclosure
key exchange
microsoft
minimum key length
revision note
schannel
security
server
severity rating
tls
update
vulnerability
windows
Severity Rating: Important
Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information.
Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...
Original release date: September 25, 2014
Systems Affected
GNU Bash through 4.3.
Linux, BSD, and UNIX distributions including but not limited to:
CentOS 5 through 7
Debian
Mac OS X
Red Hat Enterprise Linux 4 through 7
Link Removed 10.04 LTS, 12.04 LTS, and 14.04 LTS
Overview
A critical...
apache
arbitrary code
attacks
bash
command execution
cve-2014-6271
debian
environment variables
impact
linux
mac os x
openssh
patch
red hat
remote execution
security
shellshock
solution
unix
vulnerability
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management...
attacks
bulletin
client-side
crafted websites
data services
database
email security
internet explorer
malware
management system
microsoft
phishing
privilege escalation
revision note
security
sql server
update
user actions
vulnerabilities
web security
Original release date: January 17, 2014 | Last revised: March 07, 2014
Systems Affected
Certain UDP protocols have been identified as potential attack vectors:
DNS
NTP
SNMPv2
NetBIOS
SSDP
CharGEN
QOTD
BitTorrent
Kad
Quake Network Protocol
Steam Protocol
Overview
A Distributed Reflective...
Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties...
Severity Rating:
Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only.
Summary: Microsoft is announcing the availability of...
Severity Rating:
Revision Note: V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to...
attacks
authentication
credentials
extended protection
faq
fix it
iwa
lan manager
microsoft
microsoft solutions
network
ntlm
protection
security
suggested actions
updates
v2 settings
version 1.14
windows server
windows xp
Severity Rating:
Revision Note: V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"
Summary...
Severity Rating:
Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the...
Severity Rating:
Revision Note: V5.0 (September 19, 2011): Revised to announce the rerelease of the KB2616676 update. See the Update FAQ in this advisory for more information.
Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a...
Revision Note: V1.1 (July 3, 2013): Clarified that disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. This is an informational change only.
Summary: Microsoft is announcing the availability of an automated...
advisory
arbitrary code
attacks
automated solution
fix it
gadgets
informational
microsoft
protection
remote code
security
update
vulnerabilities
windows 7
windows sidebar
windows vista
As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost...
activesync
attacks
authentication
byod
certificates
cost savings
cybersecurity
device management
encryption
exchange
it departments
malware
policy
productivity
security
security features
third party
trustworthy computing
user education
windows phone
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
Revision Note: V1.0 (November 12, 2013): Advisory published.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...
Revision Note: V1.0 (August 13, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...
advisory
attacks
certificate
deprecation
hashing
information
man-in-the-middle
md5
microsoft
phishing
root certificate
safety
security
technology
update
vulnerability
windows 7
windows 8
windows server
windows vista
Revision Note: V1.0 (August 13, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 that restricts the use of certificates...
advisory
attacks
certificate
cybersecurity
encryption
hashing
man-in-the-middle
md5
microsoft
phishing
protocol
root certificates
security
threat
update
vulnerability
windows 7
windows 8
windows server
windows vista
Revision Note: V1.0 (August 10, 2010): Advisory published.
Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help...