Wednesday, December 13, 2017

Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing...

Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500.

This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store.

This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Microsoft Security Advisory (2846338): Vulnerability in Microsoft Malware Protection Engine Could...

Revision Note: V1.0 (May 14, 2013): Advisory published. Summary: Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a securi...

Microsoft Security Advisory (2905247): Insecure ASP.NET Site Configuration Could Allow Elevation...

Revision Note: V1.0 (December, 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authen...

Microsoft Security Advisory (2896666): Vulnerability in Microsoft Graphics Component Could Allow...

Revision Note: V2.0 (December 10, 2013): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS13-096 to a...

Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow...

Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the...

Microsoft Security Advisory (2880823): Deprecation of SHA-1 Hashing Algorithm for Microsoft...

Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program.

The new policy will no longer allow root certificate authorities to issue ...

Microsoft Security Advisory (2868725): Update for Disabling RC4 – Version: 1.0

Revision Note: V1.0 (November 12, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Window...

Microsoft Security Advisory (2861855): Updates to Improve Remote Desktop Protocol Network-level...

Revision Note: V1.0 (August 13, 2013): Advisory published. Summary: Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-level Authentication in the Remote Desktop Protocol. Microsof...

Microsoft Security Advisory (2854544): Updates to Improve Cryptography and Digital Certificate...

Revision Note: V1.3 (November 12, 2013): Added the 2868725 update to the Available Updates and Release Notes section. Summary: Microsoft is announcing the availability of updates as part of ongoing efforts to improve cryptograp...

Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote...

Revision Note: V2.0 (April 8, 2014): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-017 to addres...

Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote...

Revision Note: V2.0 (May 14, 2013): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS13-038 to address...