[월:] 2015년 10월

No Image

MS15-107 – Important: Cumulative Security Update for Microsoft Edge (3096448) – Version: 1.1

2015-10-16 KENNETH 0

Severity Rating: ImportantRevision Note: V1.1 (October 16, 2015): Bulletin revised to announce a detection change in the 3097617 cumulative update for Windows 10. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Source: ms-security

No Image

October 2015 Security Update Release Summary

2015-10-14 KENNETH 0

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library.  MSRC Team Source: ms-msrc

No Image

October 2015 Security Update Release Summary

2015-10-13 KENNETH 0

October 2015 Security Update Release Summary Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library.  MSRC Team Source: October 2015 Security Update Release Summary

No Image

MS15-046 – Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181) – Version: 4.0

2015-10-13 KENNETH 0

Severity Rating: ImportantRevision Note: V4.0 (October 13, 2015): Revised bulletin to announce the availability of a new update (3085544) for Microsoft Office 2007 that addresses issues with the previously-released update (2965282). Customers running Microsoft Office 2007 are encouraged to install update 3085544 at the earliest opportunity to be fully protected from the vulnerability discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3085544 for more information and download links.Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on [ more… ]

No Image

3097966 – Inadvertently Disclosed Digital Certificates Could Allow Spoofing – Version: 2.0

2015-10-13 KENNETH 0

Revision Note: V2.0 (October 13, 2015): Advisory revised to notify customers that an update is available that modifies the Code Integrity component in Windows to extend trust removal for the four digital certificates addressed by this advisory to also preclude kernel-mode code signing.Summary: Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows. Source: ms-security