|
TrendMicroSymantecMicrosoftMicrosoft Security Advisory (2820197): Update Rollup for ActiveX Kill Bits - Version: 1.0 Revision Note: V1.0 (May 14, 2013): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0 Revision Note: V2.0 (May 14, 2013): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS13-038 to address this issue. For more information about this issue, including download links for an available security update, please review MS13-038. The vulnerability addressed is the Internet Explorer Use After Free Vulnerability - CVE-2013-1347. Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 12.1 Revision Note: V12.1 (May 14, 2013): Revised advisory to show the correct update and KB article numbers for update 2837385 released on May 14, 2013. Summary: Microsoft is aware of vulnerabilities in Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. Microsoft provides updates that address the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. Microsoft Security Advisory (2846338): Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution - Version: 1.0 Revision Note: V1.0 (May 14, 2013): Advisory published. Summary: Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. Microsoft Security Advisory (2819682): Security Updates for Microsoft Windows Store Applications - Version: 1.0 Revision Note: V1.0 (March 26, 2013): Announced availability of update 2832006 for Windows Modern Mail. Summary: Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update. Microsoft Security Advisory (2794220): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0 Revision Note: V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS13-008 to address this issue. For more information about this issue, including download links for an available security update, please review MS13-008. The vulnerability addressed is the Internet Explorer Use After Free Vulnerability - CVE-2012-4792. Microsoft Security Advisory (2798897): Fraudulent Digital Certificates Could Allow Spoofing - Version: 1.1 Revision Note: V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?" Summary: Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft Security Advisory (973811): Extended Protection for Authentication - Version: 1.14 Revision Note: V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication. Summary: Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA). Microsoft Security Advisory (2749655): Compatibility Issues Affecting Signed Microsoft Binaries - Version: 2.0 Revision Note: V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060 to the list of available rereleases. Summary: Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This could cause compatibility issues between affected binaries and Microsoft Windows. While this is not a security issue, because the digital signature on files produced and signed by Microsoft will expire prematurely, this issue could adversely impact the ability to properly install and uninstall affected Microsoft components and security updates. Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution - Version: 18.0
Revision Note: V18.0 November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution." Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. |
Twitter Feed
jaysonstreet:
So while I was off the Internet this happened! :-) http://t.co/GAYdOPRu2c
jaysonstreet:
Will be doing a twitter tsunami tonight catching up on the backlog soon...very soon but till then enjoy my next tweet! ;-)
Powered by Twitter Feed
Announcements
Events Calendar
