No Image

3109853 – Update to Improve TLS Session Resumption Interoperability – Version: 1.0

2016-01-12 KENNETH 0

Revision Note: V1.0 (January 12, 2016): Advisory published.Summary: Microsoft is announcing the availability of an update to improve interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the abbreviated TLS handshake. The update addresses an issue in schannel.dll that could cause RFC5077 session ticket-based resumption to fail and subsequently cause WinInet-based clients (for example, Internet Explorer and Microsoft Edge) to perform a fallback to a lower TLS protocol version than the one that would have been negotiated otherwise. This improvement is part of ongoing efforts to bolster the effectiveness of encryption in Windows. Source: ms-security

No Image

MS16-002 – Critical: Cumulative Security Update for Microsoft Edge (3124904) – Version: 1.0

2016-01-12 KENNETH 0

Severity Rating: CriticalRevision Note: V1.0 (January 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Source: ms-security

No Image

MS16-004 – Critical: Security Update for Microsoft Office to Address Remote Code Execution (3124585) – Version: 1.0

2016-01-12 KENNETH 0

Severity Rating: CriticalRevision Note: V1.0 (January 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Source: ms-security

No Image

MS16-003 – Critical: Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540) – Version: 1.0

2016-01-12 KENNETH 0

Severity Rating: CriticalRevision Note: V1.0 (January 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Source: ms-security