Latest Microsoft Security Advisories

2905247 - Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege - Version: 2.0

Tue, 09/09/2014 - 01:00
Revision Note: V2.0 (September 9, 2014): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released.
Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1.

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 28.0

Tue, 09/09/2014 - 01:00
Revision Note: V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

2871997 - Update to Improve Credentials Protection and Management - Version: 3.0

Tue, 09/09/2014 - 01:00
Revision Note: V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to provide additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system. See Updates Related to this Advisory for details.
Summary: Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft.