2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0

Posted on Thursday July 17, 2014

Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

 

2974294 - Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service - Version: 1.0

Posted on Tuesday June 17, 2014

Revision Note: V1.0 (June 17, 2014): Advisory published
Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.

 

2962824 - Update Rollup of Revoked Non-Compliant UEFI Modules - Version: 1.1

Posted on Tuesday June 10, 2014

Revision Note: V1.1 (June 10, 2014): Advisory revised to announce a detection change for the update rollup (updates 2920189 and 2961908). This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot.

 

2862973 - Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program - Version: 3.0

Posted on Tuesday June 10, 2014

Revision Note: V3.0 (June 10, 2014): Revised advisory to rerelease the 2862973 update for Windows 8 and Windows Server 2012. This rerelease only applies to systems running Windows Embedded 8 and Windows Server 2012 for Embedded Systems. See the Advisory FAQ for more information.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

 

Page:   1...346347348349350

Celebrating 35+ Years

Off-Site Cloud Backups

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016