tls

  1. News

    RC4 is now deprecated in Microsoft Edge and Internet Explorer 11

    In September 2015, Microsoft announced the end-of-support for the RC4 cipher in Microsoft Edge and Internet Explorer 11 in 2016, as there is consensus across the industry that RC4 is no longer cryptographically secure. Today, we are releasing KB3151631 with the August 9, 2016 cumulative updates...
  2. Neemobeer

    Windows Security Hardening (SCHANNEL)

    I created this reg file to disable SSLv2, v3 and TLS 1.0 as well as disabling weak encryption cipher suites.
  3. News

    3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

    Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
  4. News

    Description of the security update for Schannel: April 12, 2016

  5. News

    3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

    Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
  6. P

    Windows Server Monitoring

    I hope I don't come across as horribly spammy on my third post here but I would like to share some info on a project that I've been working on. I know when it comes to free monitoring solutions we're all basically stuck with Nagios or some sort of Linux based product that is typically ugly and...
  7. News

    3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0

    Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing the availability of an update to improve interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in...
  8. News

    3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0

    Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...
  9. News

    3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0

    Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...
  10. News

    Ending support for the RC4 cipher in Microsoft Edge and Internet Explorer 11

    Today, Microsoft is announcing the end-of-support of the RC4 cipher in Microsoft Edge and Internet Explorer 11. Starting in early 2016, the RC4 cipher will be disabled by default and will not be used during TLS fallback negotiations. There is consensus across the industry that RC4 is no longer...
  11. News

    HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7

    In February, we Link Removed the first preview of HTTP Strict Transport Security in Internet Explorer 11 in the Windows 10 Insider Preview. The HTTP Strict Transport Security (HSTS) policy protects against variants of man-in-the-middle attacks that can strip TLS out of communications with a...
  12. Mike

    June 2015 Website Updates and Changes

    Good evening! June is upon us, and with no shortage of news or updates regarding WindowsForum.com. As of the 1st of June: We have worked throughout most of the day to connect with Network Solutions, CloudFlare, ICANN, Google, and a number of other online institutions to resolve a problem that...
  13. News

    MS15-055 - Important: Vulnerability in Schannel Could Allow Information Disclosure...

    Severity Rating: Important Revision Note: V1.0 (May 12, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral...
  14. News

    TA15-120A: Securing End-to-End Communications

    Original release date: April 30, 2015 Systems Affected Networked systems Overview Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject...
  15. News

    SHA512 is disabled in Windows when you use TLS 1.2

  16. kemical

    Microsoft confirms FREAK vulnerability affects Windows as well

    Ref: http://www.winbeta.org/news/microsoft-confirms-freak-vulnerability-affects-windows-well If you pop onto the site above it will check whether your browser is vulnerable to attack. Apparently the latest Chrome is fine as is IE (version 11.0.9800.0. the one that comes with win 10 build 9926)
  17. News

    Security Advisory 3046015 released

    Today, we released Link Removed to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys). Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team
  18. News

    3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 1.1

    Severity Rating: Important Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information. Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...
  19. News

    TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)

    Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Microsoft Windows XP and 2000 may also be affected. Overview A critical vulnerability in...
  20. News

    TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

    Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...