No Image

RC4 is now deprecated in Microsoft Edge and Internet Explorer 11

2016-08-10 KENNETH 0

RC4 is now deprecated in Microsoft Edge and Internet Explorer 11 In September 2015, Microsoft announced the end-of-support for the RC4 cipher in Microsoft Edge and Internet Explorer 11 in 2016, as there is consensus across the industry that RC4 is no longer cryptographically secure. Today, we are releasing KB3151631 with the August 9, 2016 cumulative updates for Windows and IE, which disables RC4 in Microsoft Edge (Windows 10) and IE11 (Windows 7 and newer). This matches the most recent versions of Google Chrome and Mozilla Firefox. What is RC4? RC4 is a stream cipher that was first described in 1987, and has been widely supported across web browsers and online services. Modern attacks have demonstrated that RC4 can be broken within hours or days. The typical attacks on RC4 exploit biases in the RC4 keystream to recover repeatedly encrypted [ more… ]

No Image

August 2016 security update release

2016-08-10 KENNETH 0

August 2016 security update release Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Source: August 2016 security update release

No Image

MS16-102 – Critical: Security Update for Microsoft Windows PDF Library (3182248) – Version: 1.0

2016-08-10 KENNETH 0

MS16-102 – Critical: Security Update for Microsoft Windows PDF Library (3182248) – Version: 1.0 Severity Rating: CriticalRevision Note: V1.0 (August 9, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Source: MS16-102 – Critical: Security Update for Microsoft Windows PDF Library (3182248) – Version: 1.0

No Image

MS16-098 – Important: Security Update for Windows Kernel-Mode Drivers (3178466) – Version: 1.0

2016-08-10 KENNETH 0

MS16-098 – Important: Security Update for Windows Kernel-Mode Drivers (3178466) – Version: 1.0 Severity Rating: ImportantRevision Note: V1.0 (August 9, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. Source: MS16-098 – Important: Security Update for Windows Kernel-Mode Drivers (3178466) – Version: 1.0

No Image

MS16-101 – Important: Security Update for Windows Authentication Methods (3178465) – Version: 1.0

2016-08-10 KENNETH 0

MS16-101 – Important: Security Update for Windows Authentication Methods (3178465) – Version: 1.0 Severity Rating: ImportantRevision Note: V1.0 (August 9, 2016): Bulletin published.Summary: This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system. Source: MS16-101 – Important: Security Update for Windows Authentication Methods (3178465) – Version: 1.0