Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution – Version: 9.0

Revision Note: V9.0 (August 9, 2011): Added Microsoft Security Bulletin MS11-059, “Vulnerability in Data Access Components Could Allow Remote Code Execution,” to the Updates relating to Insecure Library Loading section.
Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.

Microsoft Security Advisory (2607712): Fraudulent Digital Certificates Could Allow Spoofing – Version: 5.0

Revision Note: V5.0 (September 19, 2011): Revised to announce the rerelease of the KB2616676 update. See the Update FAQ in this advisory for more information.
Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store. A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution – Version: 2.0

Revision Note: V2.0 (February 10, 2009): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-004 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-004. The vulnerability addressed is the Microsoft XML Core Services Vulnerability – CVE-2008-5416.

Microsoft Security Advisory (953839): Update Rollup for ActiveX Kill Bits – Version: 1.3

Revision Note: V1.3 (March 11, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032.
Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege – Version: 3.0

Revision Note: V3.0 (April 14, 2009): Advisory updated to reflect publication of security bulletin.
Summary: Security Advisory