MS – SECURITY

Revision Note: V1.0 (February 9, 2016): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of Visual Studio 2013, Visual Studio 2015, ASP.NET MVC5, and ASP.NET MVC6. This advisory also provides guidance on what developers can do to help ensure that the controls and components that they have built are not subject to the vulnerability. Source: ms-security

Severity Rating: ImportantRevision Note: V1.0 (February 9, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to improperly validate input. Source: ms-security

Severity Rating: ImportantRevision Note: V1.0 (February 9, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS. Source: ms-security

Severity Rating: CriticalRevision Note: V1.0 (February 9, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document. Source: ms-security

Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enable the Restricted Admin mode for Credential Security Support Provider (CredSSP) by default. See Updates Related to this Advisory for details.Summary: Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft. Source: ms-security