May 2017 security update release Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. MSRC team Source: May 2017 security update release
4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (May 9, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. Source: 4022345 – Identifying and correcting failure of Windows Update client to receive updates – Version: 1.0
4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0 Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and displays an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a Microsoft Trusted Root CA where the end-entity certificate or the issuing intermediate uses SHA-1. Manually-installed enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2. For more information, please see Windows Enforcement of SHA1 Certificates. Source: 4010323 – Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 – Version: 1.0
4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0 Revision Note: V1.0 (May 9, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly. Source: 4021279 – Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege – Version: 1.0
USN-3279-1: Apache HTTP Server vulnerabilities Ubuntu Security Notice USN-3279-1 9th May, 2017 apache2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Apache HTTP Server. Software description apache2 – Apache HTTP server Details It was discovered that the Apache mod_session_crypto module was encryptingdata and cookies using either CBC or ECB modes. A remote attacker couldpossibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest moduleincorrectly handled malicious input. A remote attacker could possibly usethis issue to cause Apache to crash, resulting in a denial of service.(CVE-2016-2161) David Dennerline and Régis Leroy discovered that the Apache HTTP Serverincorrectly handled unusual whitespace when parsing requests, contrary tospecifications. When being used in combination with a proxy or backendserver, [ more… ]
Copyright © 2026 | WordPress Theme by MH Themes
