ssl

Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes...

This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...

Revision Note: V2.0 (August 10, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-049 to address this issue. For more information about this issue, including...

Severity Rating: Important Revision Note: V1.2 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2785220 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...

Severity Rating: Important Revision Note: V1.2 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2785220 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...

Link Removed

I am shocked that doing a search for SSL (secure socket layer) in this forums comes up empty! :( cannot switch to SSL mode: My online sync program (Goodsync) errors when it tries to connect to their...

Severity Rating: Important Revision Note: V1.0 (January 8, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass...

Revision Note: V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email...

Hello there. As we prepare for September’s two security updates, we’d like to remind you about an important change to Windows’ certificate requirements included in Security Advisory 2661254 (Update For Minimum Certificate Key Length). In June, we began communicating this...

Resolves a vulnerability in Secure Channel (SChannel) security package in Windows that could allow denial of service if an affected Internet Information Services (IIS) server hosting an SSL web site received a specially crafted packet message. More...

Severity Rating: Important Revision Note: V1.1 (January 18, 2012): Added MS10-085 as a bulletin replaced by the KB2585542 update for Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for...

Consider the following scenario: You have a Secure Web Services on Devices (WSD) printer which always connects with SSL connection. You are unable to install the printer from Print Management Console (PrintManagement.msc) by using “Search the network... More...

Link Removed due to 404 Error Hello to all of our members and guests alike, Although we strive for 99.999% uptime, and while technically, our service is still working for a majority of visitors around the world, this afternoon required unannounced maintenance. The service level action involves...

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft...

Resolves a vulnerability in SSL/TLS could allow information disclosure More...

Severity Rating: Important Revision Note: V1.0 (January 10, 2012): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows...

Consider the following scenario: You try to install a Web Services on Devices (WSD)-based device on a computer that is running Windows 7. You are using IPv6 link-local addresses on the computer. You are using SSL certificates to encrypt the... Link Removed

A new Java Script injection that may expose private information even inside SSL encrypted connections seems to be a big concern for many, not the least of which is the Firefox browser development team. Seems like they may even be considering blocking all versions of the Java Plugin in future...

Revision Note: V1.0 (September 26, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the...