Skip to main content
MSRC

Advisory

August 2012 Bulletin Release

Tuesday, August 14, 2012

Security Advisory 2661254 - Update For Minimum Certificate Key Length Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking about this subject since June, and today we are announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length with Security Advisory 2661254.

Read More

Security Advisory 2737111 released

Tuesday, July 24, 2012

Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and uses them in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint.

Read More

Further insight into Security Advisory 2719615

Wednesday, June 13, 2012

During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we’ve built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update.

Read More

Microsoft security updates and the Common Vulnerability Reporting Framework

Thursday, May 17, 2012

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.

Read More

Microsoft releases Security Advisory 2639658

Thursday, November 03, 2011

Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring capabilities. The security advisory provides a workaround that can be applied to any Windows system.

Read More

Microsoft releases Security Advisory 2588513

Monday, September 26, 2011

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.

Read More

Microsoft Releases Security Advisory 2524375

Wednesday, March 23, 2011

Hello - Today we’re releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users.

Read More