Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the use of the SHA1 hashing algorithm for the purposes of SSL and code signing. For more information, see Windows Enforcement of Authenticode Code Signing and Timestamping.
Summary...
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...
advisory
asp.net
authenticode
bulletin
code execution
cumulative update
cves
december 2013
deployment
internet explorer
it staff
microsoft
mitigation
patch management
remote code execution
security update
severity
update tuesday
vulnerability
windows
Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...
Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...
Resolves vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system.
Link Removed
Fixes an issue in which a driver that is signed by using a WHQL or Authenticode signature is displayed as an unsigned driver. This issue may occur on a network adaptor or a storage controller in Windows 7 or in Windows Server 2008 R2.
More...
Resolves a security vulnerability that exists in the Windows Authenticode Signature Verification function that is used for portable executable (PE) and CAB file formats. This security vulnerability could allow remote code execution.
More...