Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 3.0

Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These [...]


Microsoft Security Advisory (2588513): Vulnerability in SSL/TLS Could Allow Information Disclosure – Version: 2.0

Revision Note: V2.0 (January 10, 2012): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-006 to address this issue. For more information about this issue, including download links for an available security update, please review MS12-006. The vulnerability addressed [...]


Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service – Version: 2.0

Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-100. The vulnerability addressed [...]


Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service – Version: 1.0

Revision Note: V1.0 (December 28, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service [...]


Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution – Version: 13.0

Revision Note: V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, “Cumulative Security Update for Internet Explorer;” and MS11-094, “Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution.” Summary: Microsoft is aware that research has been published detailing a remote attack vector for a [...]