Article: 2962824 - Update Rollup of Revoked Non-Compliant UEFI Modules - Version: 1.1 - published over 10 years ago.
Content: Revision Note: V1.1 (June 10, 2014): Advisory revised to announce a detection change for the update rollup (updates 2920189 and 2961908). This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.Summary: With this advisory, Microsoft is revoking th...
https://technet.microsoft.com/en-us/library/security/2962824
Article: 2862973 - Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program - Version: 3.0 - published over 10 years ago.
Content: Revision Note: V3.0 (June 10, 2014): Revised advisory to rerelease the 2862973 update for Windows 8 and Windows Server 2012. This rerelease only applies to systems running Windows Embedded 8 and Windows Server 2012 for Embedded Systems. See the Advisory FAQ for more information.Summary: Microsoft is announcing the availability of an update for supported edit...
https://technet.microsoft.com/en-us/library/security/2862973
Article: 2974294 - Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service - Version: 1.0 - published over 10 years ago.
Content: Revision Note: V1.0 (June 17, 2014): Advisory publishedSummary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specia...
https://technet.microsoft.com/en-us/library/security/2974294
Article: 2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0 - published over 10 years ago.
Content: Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks...
https://technet.microsoft.com/en-us/library/security/2982792
Article: 2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4 - published over 10 years ago.
Content: Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.Summary: Microsoft is announcing the availability of ...
https://technet.microsoft.com/en-us/library/security/2915720
Article: 2905247 - Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege - Version: 2.0 - published about 10 years ago.
Content: Revision Note: V2.0 (September 9, 2014): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released.Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NE...
https://technet.microsoft.com/en-us/library/security/2905247
Article: 2977292 - Update for Microsoft EAP Implementation that Enables the Use of TLS - Version: 1.0 - published about 10 years ago.
Content: Revision Note: V1.0 (October 14, 2014): Advisory published.Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT for the Microsoft Extensible Authentication Protocol (EAP) implementation that enables the use of Transport Layer Sec...
https://technet.microsoft.com/en-us/library/security/2977292
Article: 2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0 - published about 10 years ago.
Content: Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.Summary: Microsoft is announcing the a...
https://technet.microsoft.com/en-us/library/security/2949927
Article: 3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0 - published about 10 years ago.
Content: Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of a vulnerability. We have issued Microsoft Security Bulletin MS14-064 to address this issue. For more information about this issue, including download links for an available security u...
https://technet.microsoft.com/en-us/library/security/3010060
Article: 3004375 - Update for Windows Command Line Auditing - Version: 1.0 - published almost 10 years ago.
Content: Revision Note: V1.0 (February 10, 2015): Advisory published.Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows 8, Windows Server 2008R2 and Windows Server 2012 that expands the Audit Process Creation policy to include the command information passed to every process. This is a new feature that provides ...
https://technet.microsoft.com/en-us/library/security/3004375
Article: 3033929 - Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2 - Version: 1.0 - published over 9 years ago.
Content: Revision Note: V1.0 (March 10, 2015): Advisory published.Summary: Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some c...
https://technet.microsoft.com/en-us/library/security/3033929
Article: 3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 2.0 - published over 9 years ago.
Content: Severity Rating: ImportantRevision Note: V2.0 (March 10, 2015): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of a vulnerability. We have issued Microsoft Security Bulletin MS15-031 to address this issue. For more information about this issue, including download links for ...
https://technet.microsoft.com/en-us/library/security/3046015
Article: 3046310 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0 - published over 9 years ago.
Content: Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310 for more information and download links.Summary: Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof co...
https://technet.microsoft.com/en-us/library/security/3046310
Article: 3050995 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0 - published over 9 years ago.
Content: Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Microsoft Knowledge Base Article 3050995 for more information and download links.Summary: Microsoft is aware of improperly issued digital certificates coming from the subordinate CA, MCS Holdings, which cou...
https://technet.microsoft.com/en-us/library/security/3050995
Article: 3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 3.0 - published over 9 years ago.
Content: Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314 on April 14, 2015 SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds.Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulner...
https://technet.microsoft.com/en-us/library/security/3009008
Article: 3045755 - Update to Improve PKU2U Authentication - Version: 1.0 - published over 9 years ago.
Content: Revision Note: V1.0 (April 14, 2015): Advisory published.Summary: Microsoft is announcing the availability of a defense-in-depth update that improves the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The improvement is part of ongoing efforts...
https://technet.microsoft.com/en-us/library/security/3045755
Article: 3062591 - Local Administrator Password Solution (LAPS) Now Available - Version: 1.0 - published over 9 years ago.
Content: Revision Note: V1.0 (May 1, 2015): V1.0 (May 1, 2015): Advisory published.Summary: Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the commo...
https://technet.microsoft.com/en-us/library/security/3062591
Article: 2962393 - Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client - Version: 2.0 - published over 9 years ago.
Content: Revision Note: V2.0 (June 9, 2015): Added the 3062760 update to the Juniper VPN Client Update section.Summary: Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN ...
https://technet.microsoft.com/en-us/library/security/2962393
Article: 3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege - Version: 1.0 - published over 9 years ago.
Content: Severity Rating: ImportantRevision Note: V1.0 (July 14, 2015): Advisory publishedSummary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow elevation of privi...
https://technet.microsoft.com/en-us/library/security/3074162
Article: 3083992 - Update to Improve AppLocker Publisher Rule Enforcement - Version: 1.0 - published about 9 years ago.
Content: Revision Note: V1.0 (September 8, 2015): Summary: Microsoft is announcing the availability of a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the e...
https://technet.microsoft.com/en-us/library/security/3083992
Article: 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0 - published about 9 years ago.
Content: Revision Note: V2.0 (October 13, 2015): Advisory revised to broaden the affected software list to include Windows 10 systems that are running .NET Framework 3.5 applications and systems with .NET Framework 4.6 installed that are running .NET Framework 4.5/4.5.1/4.5.2 applications, and to provide customers running these configurations with steps for manually ...
https://technet.microsoft.com/en-us/library/security/2960358
Article: 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0 - published about 9 years ago.
Content: Revision Note: V2.0 (October 13, 2015): Advisory revised to notify customers that an update is available that modifies the Code Integrity component in Windows to extend trust removal for the four digital certificates addressed by this advisory to also preclude kernel-mode code signing.Summary: Microsoft is aware of four digital certificates that were inadver...
https://technet.microsoft.com/en-us/library/security/3097966
Article: 3042058 - Update to Default Cipher Suite Priority Order - Version: 1.1 - published about 9 years ago.
Content: Revision Note: V1.1 (October 13, 2015): Advisory revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS). This is an update offering venue change only. There were n...
https://technet.microsoft.com/en-us/library/security/3042058
Article: 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0 - published about 9 years ago.
Content: Revision Note: V1.0 (November 10, 2015): Advisory published.Summary: Microsoft is announcing the availability of a security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain central processing unit (CPU) chipsets. Although the weakness resides in the chipset, Microsoft is issuing this security upda...
https://technet.microsoft.com/en-us/library/security/3108638
Article: 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0 - published almost 9 years ago.
Content: Revision Note: V1.0 (November 30, 2015): Advisory published.Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate other domains, or sign code. In addition, these certificates could ...
https://technet.microsoft.com/en-us/library/security/3119884
Article: 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0 - published almost 9 years ago.
Content: Revision Note: V1.0 (December 8, 2015): Advisory published.Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign c...
https://technet.microsoft.com/en-us/library/security/3123040
Article: 3057154 - Update to Harden Use of DES Encryption - Version: 1.1 - published almost 9 years ago.
Content: Revision Note: V1.1 (December 8, 2015): Advisory updated to include more information about disabling DES by default in Windows 7 and Windows Server 2008 R2 and later operating systems. The update allows DES to be used between client and server to address scenarios in which DES is still required for application compatibility reasons.Summary: Microsoft is anno...
https://technet.microsoft.com/en-us/library/security/3057154
Article: 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0 - published almost 9 years ago.
Content: Revision Note: V53.0 (January 5, 2016): Added the 3133431 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; the update is al...
https://technet.microsoft.com/en-us/library/security/2755801
Article: 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0 - published almost 9 years ago.
Content: Revision Note: V1.0 (January 12, 2016): Advisory published.Summary: Microsoft is announcing the availability of an update to improve interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the abbreviated TLS handshake. The update addresses an issue in sc...
https://technet.microsoft.com/en-us/library/security/3109853
Article: 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0 - published almost 9 years ago.
Content: Revision Note: V1.0 (January 12, 2016): Advisory published.Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016.
https://technet.microsoft.com/en-us/library/security/3118753
Article: 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0 - published almost 9 years ago.
Content: Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enable the Restricted Admin mode for Credential Security Support Provider (CredSSP) by default. See Updates Related to this Advisory for details.Summary: Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Serv...
https://technet.microsoft.com/en-us/library/security/2871997
Article: 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1 - published almost 9 years ago.
Content: Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NET Web Frameworks, and Tools and Microsoft ASP.NET and Web Tools. This is an informational change only.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of Visual Studio 2013, Vi...
https://technet.microsoft.com/en-us/library/security/3137909
Article: 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1 - published over 8 years ago.
Content: Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mouse devices are affected. This is an informational change only.Summary: Microsoft is announcing the availability of an update to improve input filtering for certain Microsoft wireless mouse devices. The update enhances security by filtering out QWERT...
https://technet.microsoft.com/en-us/library/security/3152550
Article: 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0 - published over 8 years ago.
Content: Revision Note: V1.0 (May 10, 2016): Advisory published.Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first flight of application_data records using the attacker’s chosen ci...
https://technet.microsoft.com/en-us/library/security/3155527
Article: 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0 - published over 8 years ago.
Content: Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the use of the SHA1 hashing algorithm for the purposes of SSL and code signing. For more information, see Windows Enforcement of Authenticode Code Signing and Timestamping.Summary: Microsoft is announcing a policy change to the Microsoft Root Certificat...
https://technet.microsoft.com/en-us/library/security/2880823
Article: 3179528 - Update for Kernel Mode Disallowlist - Version: 1.0 - published over 8 years ago.
Content: Revision Note: V1.0 (August 9, 2016): Click here to enter text.Summary: Microsoft is disallowlisting some publically released versions of securekernel.exe. This advisory includes a list of hashes for specific operating systems that are on the disallow list
https://technet.microsoft.com/en-us/library/security/3179528
Article: 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0 - published about 8 years ago.
Content: Revision Note: V1.0 (September 13, 2016): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on what developers can do to help ensure that their applications are updated correctly.
https://technet.microsoft.com/en-us/library/security/3181759
Article: 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0 - published almost 8 years ago.
Content: Revision Note: V1.0 (January 10, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure that their apps are updated correctly.
https://technet.microsoft.com/en-us/library/security/3214296
Article: 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0 - published almost 8 years ago.
Content: Revision Note: V1.0 (January 27, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their applications correctly.
https://technet.microsoft.com/en-us/library/security/4010983
Article: 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0 - published over 7 years ago.
Content: Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advisory have been reverted as of November 2016. This is an informational change only.Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program.
https://technet.microsoft.com/en-us/library/security/3123479
Article: 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0 - published over 7 years ago.
Content: Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root ...
https://technet.microsoft.com/en-us/library/security/4010323
Article: 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1 - published over 7 years ago.
Content: Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to updat...
https://technet.microsoft.com/en-us/library/security/4021279
Article: 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2 - published over 7 years ago.
Content: Severity Rating: CriticalRevision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.
https://technet.microsoft.com/en-us/library/security/4022344
Article: 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3 - published over 7 years ago.
Content: Severity Rating: CriticalRevision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”. This is an informational change only.Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not pro...
https://technet.microsoft.com/en-us/library/security/4022345
Article: 4025685 - Guidance related to June 2017 security update release - Version: 1.0 - published over 7 years ago.
Content: Revision Note: V1.0 (June 13, 2017): Advisory publishedSummary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly a...
https://technet.microsoft.com/en-us/library/security/4025685
Article: 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0 - published over 7 years ago.
Content: Revision Note: V1.0 (June 27, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability.
https://technet.microsoft.com/en-us/library/security/4033453
Article: 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0 - published over 7 years ago.
Content: Revision Note: V1.0 (August 8, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can d...
https://technet.microsoft.com/en-us/library/security/4038556
Article: 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0 - published almost 7 years ago.
Content: Revision Note: V1.0 (December 12, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory also provides guidance on what on-premises AD administrators can do...
https://technet.microsoft.com/en-us/library/security/4056318
Article: 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0 - published almost 7 years ago.
Content: Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the update, see ADV170021.Summary: Microsoft is releasing this security advisory to provide information regarding ...
https://technet.microsoft.com/en-us/library/security/4053440