MS – SECURITY

4025685 – Guidance related to June 2017 security update release – Version: 1.0 Revision Note: V1.0 (June 13, 2017): Advisory publishedSummary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today. Source: 4025685 – Guidance related to June 2017 security update release – Version: 1.0

4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0 Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly. Source: 4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0

4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0 Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA where the end-entity certificate or the issuing intermediate uses SHA-1. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2. For more information, please see Windows Enforcement of SHA1 Certificates. Source: 4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0

4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (May 9, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. Source: 4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0

4022344 – Security Update for Microsoft Malware Protection Engine – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (May 8, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. Source: 4022344 – Security Update for Microsoft Malware Protection Engine – Version: 1.0