No Image

Coming together to address Encapsulated PostScript (EPS) attacks

2017-05-10 KENNETH 0

Coming together to address Encapsulated PostScript (EPS) attacks Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the attacks described below. As a best practice to ensure customers have the latest protections, we recommend they upgrade to the most current versions. Through the Microsoft Active Protections Program (MAPP), partners separately alerted us to closely related, targeted attacks. These attacks both used malformed Word documents to ensnare their targets through carefully crafted phishing mails intended for a very select audience. Both attacks were comprised of multiple vulnerabilities including a remote code execution flaw in the Encapsulated PostScript (EPS) filter in Office and a Windows elevation of [ more… ]

No Image

May 2017 security update release

2017-05-10 KENNETH 0

May 2017 security update release Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. MSRC team   Source: May 2017 security update release

No Image

4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0

2017-05-10 KENNETH 0

4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (May 9, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. Source: 4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0

No Image

4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0

2017-05-10 KENNETH 0

4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0 Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA where the end-entity certificate or the issuing intermediate uses SHA-1. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2. For more information, please see Windows Enforcement of SHA1 Certificates. Source: 4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0

No Image

4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0

2017-05-10 KENNETH 0

4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0 Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly. Source: 4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0