Original release date: November 19, 2014
Systems Affected
Microsoft Windows Vista, 7, 8, and 8.1
Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2
Overview
A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution...
administrator
attack
bulletin
cve
defense
domain controller
domain user
escalation
impact
kerberos
microsoft
privilege escalation
remote access
research
security
service tickets
systems affected
update
vulnerability
windows
Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services...
adfs
critical
cve
deployment
encryption
exploit index
iis
important
internet explorer
microsoft
moderate
net framework
november 2014
office
rdp
security
security advisory
updates
vulnerabilities
windows
Severity Rating: Important
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link...
asp.net
compromised sites
content exploit
cve
cybersecurity
email threat
feature bypass
internet safety
link exploitation
malware
microsoft
patch
security
security flaw
update
user awareness
user interaction
vulnerability
web attack
web browser
Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures (CVEs) in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage...
activex controls
advisories
credential protection
critical update
cve
deployment
exploit index
group policy
important updates
internet explorer
microsoft
remote code execution
security bulletin
security updates
september 2014
trustworthy computing
update tuesday
webcast
windows 7
windows server
Severity Rating: Critical
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that...
Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong...
As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing...
best practices
bulletin
critical updates
customer impact
cve
cybersecurity
flash player
internet explorer
legacy support
microsoft
protection mode
remote code execution
research
risk assessment
security
smartscreen
theoretical thinking
updates
vulnerabilities
web standards
T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates. Today, we release four bulletins to address 11 CVEs in...
adobe flash
april 2014
bulletin
cumulative update
cve
exploit index
guidance
internet explorer
microsoft knowledge base
microsoft office
microsoft word
office 2003
remote code execution
security
security advisory
support end
updates
vulnerabilities
webcast
windows xp
This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While...
In addition to today being the security update release, February 11 is officially Link Removed for 2014. This year, we’re asking folks to Do 1 Thing to stay safer online. While you may expect my “Do 1 Thing” recommendation would be to apply security updates, I’m guessing that for readers of this...
critical updates
cve
cybersecurity
digital safety
direct2d
emet
forefront protection
important updates
internet explorer
malware prevention
microsoft
remote code execution
safer internet day
security updates
techsoup
update deployment
vbscript
web security
windows
windows defender
In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, “Prediction is very difficult, especially if it’s about the future.” However, I can say without a doubt that change is afoot in 2014.
In...
adobe flash
applications
authentication
bulletin
cve
developers
january 2014
kernel
md5
microsoft
privilege
security
server
software
support
technology
update
vulnerabilities
webcast
windows xp
If you haven't had a chance to see the movie Gravity, I highly recommend you take the time to check it out. The plot moves a bit slowly at times, but director Alfonso Cuaron's work portrayal of zero gravity is worth the ticket price alone. Add in stellar acting and you end up with an epic movie...
activex
authenticity
certificates
cryptography
cumulative
cve
deployment
digital signatures
directaccess
emet
internet explorer
microsoft
rc4
remote code execution
security
sha1
sha2
updates
vulnerabilities
windows
If you haven't had a chance to see the movie Gravity, I highly recommend you take the time to check it out. The plot moves a bit slowly at times, but director Alfonso Cuaron's work portrayal of zero gravity is worth the ticket price alone. Add in stellar acting and you end up with an epic movie...
This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...
.net framework
advisory
bulletins
cve
deployment
exploitability
internet explorer
md5
microsoft
october
office
remote code execution
security
sharepoint
ssl
trustworthy computing
updates
vulnerabilities
webcast
windows
Revision Note: V2.0 (August 10, 2010): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-049 to address this issue. For more information about this issue, including...
Original release date: January 10, 2013 | Last revised: February 06, 2013
Systems Affected
Any system using Oracle Java 7 (1.7, 1.7.0) including
Java Platform Standard Edition 7 (Java SE 7)
Java SE Development Kit (JDK 7)
Java SE Runtime Environment (JRE 7)
OpenJDK 7 and 7u
IcedTea...
Severity Rating: Important
Revision Note: V1.0 (February 12, 2013) Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities in all supported releases of Microsoft Windows. The vulnerabilities could allow elevation of privilege if...
Today, we’re providing advance notification for six bulletins to help protect customers against 19 CVEs. The four Critical-rated updates will address 13 vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework. One bulletin rated Important will address four...
advance notification
bulletin
critical
cve
deployment
important
internet explorer
microsoft
microsoft trustworthy computing
moderate
msrc
net framework
november
office
patch management
security
testing
update
vulnerabilities
windows
Resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials...
More...