Microsoft Security Response Center Blog Alerts

Revision Note: V1.0 (August 8, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can do to ensure that their applications hosting the WebBrowser Control are properly secured.

Revision Note: V1.0 (June 27, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability.

Revision Note: V1.0 (June 13, 2017): Advisory published
Summary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today.

Severity Rating: Critical
Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”. This is an informational change only.
Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates.

Severity Rating: Critical

Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only.

Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.

Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.
Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly.

Revision Note: V1.0 (May 9, 2017): Advisory published.
Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA where the end-entity certificate or the issuing intermediate uses SHA-1. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2. For more information, please see Windows Enforcement of SHA1 Certificates.

Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advisory have been reverted as of November 2016. This is an informational change only.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program.

Revision Note: V1.0 (January 27, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their applications correctly.

Revision Note: V1.0 (January 10, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure that their apps are updated correctly.