Revision Note: V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
Summary: Microsoft is announcing the availability of updates as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Microsoft...
Revision Note: V1.0 (June 11, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce additional...
Revision Note: V1.2 (September 5, 2012): Corrected the common name for the "CN=Microsoft Online Svcs BPOS APAC CA4" certificate issued by Microsoft Services PCA.
Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a...
Revision Note: V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060 to the list of available rereleases...
Revision Note: V1.0 (June 11, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce additional...
Today we’re publishing the Link Removed. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and the security advisory addressing digital certificates (SA2854544). There was one...
It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but...
certificate trust
cryptography
cumulative updates
customer protection
deployment priority
digitalcertificates
internet explorer
june 2013
microsoft office
pki
remote code execution
security
security advisories
software security
trustworthy computing
update management
vulnerabilities
windows 7
windows updates
windows vista
Revision Note: V1.0 (June 11, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce...
Revision Note: V1.0 (October 9, 2012): Advisory published.
Summary: Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core...
Before we dive into the July security updates, let’s change up the normal order and take a look at the two Security Advisories we are releasing today. One takes an exciting step into the future, while the other prepares us to take an equally important step away from the past.
Security...
advisories
certificates
code signing
critical updates
deployment
digitalcertificates
gadgets
housekeeping
internet explorer
management
microsoft
pki
remote code execution
risk management
security
updates
vulnerabilities
windows 7
windows store
windows vista
Revision Note: V1.0 (July 10, 2012): Advisory published.
Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and...
Revision Note: V1.0 (June 3, 2012): Advisory published.
Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...
Revision Note: V1.0 (June 3, 2012): Advisory published.
Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...
Revision Note: V2.0 (November 16, 2011): Revised to announce the rerelease of the KB2641690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690 under Known Issues in the Executive Summary.
Summary: Microsoft is...
advisory
cybertrust
digicert
digitalcertificates
encryption
entrust
internet explorer
knowledge base
known issues
man-in-the-middle
microsoft
phishing
revision note
security
spoofing
update
vulnerability
weak keys
windows
Revision Note: V1.0 (November 10, 2011): Advisory published.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when...
Revision Note: V5.0 (July 6, 2011): Announced the release of an update for Zune HD devices and moved Zune devices to the Non-Affected Devices table.
Summary: Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted...
advisory
certification authority
comodo
cybersecurity
digitalcertificates
fraudulent certificates
internet explorer
kin
microsoft
mobile security
non-affected devices
phishing
risk management
security
spoofing
trusted root
update
web browsers
windows mobile
zune
Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.
Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...