security advisory

Severity Rating: Important Revision Note: V1.0 (April 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a...

Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer. We encourage customers to apply all of these updates. For more information about this month’s security updates...

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange. We encourage you to apply all of...

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services...

Revision Note: V1.0 (October 14, 2014): Advisory published Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not...

Revision Note: V1.0 (July 10, 2014): Advisory published. Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National...

Microsoft has released a Security Update to address a critical vulnerability in all versions of Internet Explorer, on Windows XP, Vista, 7 and 8. It is available via Windows Update...

Severity Rating: Revision Note: V2.0 (February 11, 2014): Revised advisory to announce that the 2862973 update for all affected releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the 2862973 update do not need to take any action. Summary...

Severity Rating: Revision Note: V1.0 (August 4, 2013): Advisory published. Summary: Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake...

Severity Rating: Revision Note: V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue. Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived...

T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates. Today, we release four bulletins to address 11 CVEs in...

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South...

We are committed to adapting our policies as the world evolves and with the new Windows Store, we evaluated how to best release security updates for Windows Store apps. Our goal is to have a quick, transparent and painless security update process. With this in mind, we will deliver high quality...

Original release date: November 13, 2012 | Last revised: January 24, 2013 Systems Affected Microsoft Windows Microsoft Office Microsoft .NET Framework Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released...

At the end of each year, some folks take a moment to jot down predictions about what the coming year has in store. I, on the other hand, do not do predictions. I am neither prognosticator, seer, fortune teller, prophet, clairvoyant, soothsayer, nor medium; although I have been accused of being a...

As previously mentioned in the Advance Notification blog on Thursday, today we’re releasing seven bulletins, one Critical-class and six Important-class bulletins. Before we discuss those releases, let’s take a closer look at the Security Advisories we also released today. Security...

Microsoft has released a Security Update to address a vulnerability in Internet Explorer 7, 8 and 9 on Windows XP, Vista and 7 Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution Microsoft Security Advisory (2757760): Vulnerability in Internet...

Hello there. As we prepare for September’s two security updates, we’d like to remind you about an important change to Windows’ certificate requirements included in Security Advisory 2661254 (Update For Minimum Certificate Key Length). In June, we began communicating this...

Security Advisory 2661254 - Update For Minimum Certificate Key Length Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been...

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft...