Skip to main content

Latest Microsoft Security Advisories

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 45.0

Wed, 07/29/2015 - 01:00
Revision Note: V45.0 (July 29, 2015): Added the 3074683 update for Windows 10 systems to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

3057154 - Update to Harden Use of DES Encryption - Version: 1.0

Tue, 07/14/2015 - 01:00
Revision Note: V1.0 (July 14, 2015):
Summary: Microsoft is announcing the availability of an update to harden scenarios in which Data Encryption Standard (DES) encryption keys are used with accounts. Microsoft disabled DES by default starting in Windows 7 and Windows Server 2008 R2. However, this update provides enhanced user protection in environments where DES is still enabled for application compatibility reasons. The improvement is part of ongoing efforts to bolster the effectiveness of encryption in Windows.

3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege - Version: 1.0

Tue, 07/14/2015 - 01:00
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Advisory published
Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.