Tag Search: security alerts
Posted on Friday January 27, 2017 | security alerts
Revision Note: V1.0 (January 27, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their applications correctly.
Posted on Tuesday January 10, 2017 | security alerts
Revision Note: V1.0 (January 10, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure that their apps are updated correctly.
Posted on Tuesday September 13, 2016 | security alerts
Revision Note: V1.0 (September 13, 2016): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on what developers can do to help ensure that their applications are updated correctly.
Posted on Tuesday September 13, 2016 | security alerts
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary:
Posted on Tuesday August 09, 2016 | security alerts
Revision Note: V1.0 (August 9, 2016): Click here to enter text. Summary: Microsoft is blacklisting some publically released versions of securekernel.exe. This advisory includes a list of hashes for specific operating systems that are on the blacklist
Posted on Wednesday May 18, 2016 | security alerts
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the use of the SHA1 hashing algorithm for the purposes of SSL and code signing. For more information, see Windows Enforcement of Authenticode Code Signing and Timestamping.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.