Severity Rating: Revision Note: V1.2 (February 11, 2014): Rereleased advisory as a reminder to customers that the dormant changes implemented with MS13-098 will be enabled on June 10, 2014. After this date, Windows will no longer recognize non-complian…
Severity Rating:
Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
Severity Rating:
Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
Severity Rating: Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the Kernel N…
Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the Kernel NDProxy Vulnerabil…
Severity Rating: Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the Kernel N…
Revision Note: V1.0 (December, 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authen…
Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with th…
Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party…