2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4

Posted on Tuesday July 29, 2014  |  security alerts

Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.
Summary: Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will only be enabled on an opt-in basis. When enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure, and Windows will no longer recognize non-compliant binaries as signed.

 

2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0

Posted on Thursday July 17, 2014  |  security alerts

Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

 

2974294 - Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service - Version: 1.0

Posted on Tuesday June 17, 2014  |  security alerts

Revision Note: V1.0 (June 17, 2014): Advisory published
Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.

 

2962824 - Update Rollup of Revoked Non-Compliant UEFI Modules - Version: 1.1

Posted on Tuesday June 10, 2014  |  security alerts

Revision Note: V1.1 (June 10, 2014): Advisory revised to announce a detection change for the update rollup (updates 2920189 and 2961908). This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot.

 

2862973 - Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program - Version: 3.0

Posted on Tuesday June 10, 2014  |  security alerts

Revision Note: V3.0 (June 10, 2014): Revised advisory to rerelease the 2862973 update for Windows 8 and Windows Server 2012. This rerelease only applies to systems running Windows Embedded 8 and Windows Server 2012 for Embedded Systems. See the Advisory FAQ for more information.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

 

Page:   1...150151152153154

Celebrating 30 Years

Managed Internet Connections

Contact Us

Comodo SSL