Category Archives: Microsoft

Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Severity Rating:
Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

2916652 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Severity Rating:
Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege – Version: 2.0

Severity Rating: Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the Kernel N…

2914486 – Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege – Version: 2.0

Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the Kernel NDProxy Vulnerabil…

Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege – Version: 2.0

Severity Rating: Revision Note: V2.0 (January 14, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into reports of this vulnerability. We have issued MS14-002 to address the Kernel N…

Microsoft Security Advisory (2905247): Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege – Version: 1.0

Revision Note: V1.0 (December, 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authen…

Microsoft Security Advisory (2915720): Changes in Windows Authenticode Signature Verification – Version: 1.0

Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with th…

Microsoft Security Advisory (2871690): Update to Revoke Non-compliant UEFI Modules – Version: 1.0

Revision Note: V1.0 (December 10, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party…