Latest Microsoft Security Advisories

2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0

Thu, 07/17/2014 - 01:00
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 26.0

Tue, 07/08/2014 - 01:00
Revision Note: V26.0 (July 8, 2014): Added the 2974008 update to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

2871997 - Update to Improve Credentials Protection and Management - Version: 2.0

Tue, 07/08/2014 - 01:00
Revision Note: V2.0 (July 8, 2014): Rereleased advisory to announce the release of updates 2973351 and 2919355 to provide further control over the Restricted Admin settings. Depending on the software installed on their system, customers should apply either 2973351 or 2919355 immediately. See Updates Related to this Advisory and Advisory FAQ for details.
Summary: Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft.

2960358 - Update for Disabling RC4 in .NET TLS - Version: 1.2

Tue, 07/08/2014 - 01:00
Revision Note: V1.2 (July 8, 2014): Advisory revised to announce a Microsoft Update Catalog detection change for the updates requiring installation of the 2868725 prerequisite update. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.