ssl

Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...

Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...

The MSIT pilot project of Windows Server 2008 Terminal Services was so successful that Microsoft IT went on to test the scalability and performance into the production environment. The environment acts as a SSL-based remote access solution and MSIT was able to create a scalable remote access...

Hi, I'm a Linux guy and have been since 1998 - before then I was a maclot. I'm trying to understand (damnit - I can't put a link because I'm new - try searching for [Plan to automatically configure user accounts in Outlook 2010] article on the technet sub domain of MS website) The goal being...

Good evening! June is upon us, and with no shortage of news or updates regarding WindowsForum.com As of the 1st of June: We have worked throughout most of the day to connect with Network Solutions, CloudFlare, ICANN, Google, and a number of other online institutions to resolve a problem that...

Original release date: April 30, 2015 Systems Affected Networked systems Overview Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject...

Revision Note: V1.0 (March 16, 2015): Advisory published. Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported...

Ref: http://www.winbeta.org/news/microsoft-confirms-freak-vulnerability-affects-windows-well If you pop onto the site above it will check whether your browser is vulnerable to attack. Apparently the latest Chrome is fine as is IE (version 11.0.9800.0. the one that comes with win 10 build 9926)

Today, we released Link Removed to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys). Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team Continue reading...

Severity Rating: Important Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information. Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...

Original release date: February 20, 2015 Systems Affected Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others. Overview Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an...

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. We...

Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Microsoft Windows XP and 2000 may also be affected. Overview A critical vulnerability in...

Today, we released Link Removed to address a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability that affects the protocol itself, and is not specific to Microsoft’s implementation of SSL or the Windows operating...

Link Removed

Revision Note: V1.0 (July 10, 2014): Advisory published. Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National...

Severity Rating: Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing...

This website is not affected by the exploit in any way. Further information: Last night news about a remote OpenSSL bug was disclosed on http://heartbleed.com/ which detailed out an exploit in the OpenSSL system library that handles HTTPS connections on your server. This bug impacts CentOS 6.x...

Hi all, Recently my wife noticed that when using sites such as Amazon and eBay problems occur. On Amazon, when you click view cart, it will not let you and gives an error telling you to enable cookies on your browser. They are enabled and everything is right. I get the same error on Internet...

Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...