Tag Search: security alerts
Posted on Tuesday October 13, 2015 | security alerts
Revision Note: V2.0 (October 13, 2015): Advisory revised to broaden the affected software list to include Windows 10 systems that are running .NET Framework 3.5 applications and systems with .NET Framework 4.6 installed that are running .NET Framework 4.5/4.5.1/4.5.2 applications, and to provide customers running these configurations with steps for manually disabling RC4 in TLS. See the Affected Software and Suggested Actions sections of this advisory for more information.
Summary: On May 13, 2014, Microsoft announced the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Posted on Tuesday October 13, 2015 | security alerts
Revision Note: V1.1 (October 13, 2015): Advisory revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS). This is an update offering venue change only. There were no changes to the update files. Customers who have already successfully installed the update do not need to take any action.
Summary: On May 12, 2015, Microsoft announced the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update added additional cipher suites to the default list on affected systems and improved cipher suite priority ordering. The improvements were in keeping with ongoing efforts to bolster the effectiveness of encryption in Windows operating systems.
Posted on Tuesday September 08, 2015 | security alerts
Revision Note: V1.0 (September 8, 2015):
Summary: Microsoft is announcing the availability of a defense-in-depth update that improves the enforcement of publisher rules by Windows AppLocker in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The improvement is part of ongoing efforts to bolster the effectiveness of security controls in Windows.
Posted on Tuesday July 14, 2015 | security alerts
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Advisory published
Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Posted on Tuesday June 09, 2015 | security alerts
Revision Note: V2.0 (June 9, 2015): Added the 3062760 update to the Juniper VPN Client Update section.
Summary: Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows.
Posted on Friday May 01, 2015 | security alerts
Revision Note: V1.0 (May 1, 2015): V1.0 (May 1, 2015): Advisory published.
Summary: Microsoft is offering the Local Administrator Password Solution (LAPS) that provides a solution to the issue of using a common local account with an identical password on every computer in a domain. LAPS resolves this issue by setting a different, random password for the common local administrator account on every computer in the domain. Domain administrators using the solution can determine which users, such as helpdesk administrators, are authorized to read passwords.
Phone: +1-989-776-2080
Toll Free: +1-855-674-2968
Email: info (at) netservicesgroup dot com
DUNS 155892800
SPIN 143027933
100% Michigan
NSG is owned & operated, offering enterprise-level IT service & support, right in your own back yard.