Spyware Remover Help » Microsoft Security Advisory

Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 3.0

Ted — Fri, 20 Jan 2012 16:00:08 +0000

Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Microsoft Security Advisory (2588513): Vulnerability in SSL/TLS Could Allow Information Disclosure – Version: 2.0

Ted — Wed, 11 Jan 2012 16:00:07 +0000

Revision Note: V2.0 (January 10, 2012): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-006 to address this issue. For more information about this issue, including download links for an available security update, please review MS12-006. The vulnerability addressed is the SSL/TLS Information Disclosure Vulnerability – CVE-2011-3389.

Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service – Version: 2.0

Ted — Fri, 30 Dec 2011 16:00:05 +0000

Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-100. The vulnerability addressed is the Collisions in HashTable May Cause DoS Vulnerability – CVE-2011-3414.

Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service – Version: 1.0

Ted — Thu, 29 Dec 2011 16:00:05 +0000

Revision Note: V1.0 (December 28, 2011): Advisory published.
Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution – Version: 13.0

Ted — Thu, 15 Dec 2011 04:00:04 +0000

Revision Note: V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, “Cumulative Security Update for Internet Explorer;” and MS11-094, “Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution.”
Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.

Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 2.0

Ted — Wed, 14 Dec 2011 16:00:04 +0000

Revision Note: V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletins.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-087 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-087. The vulnerability addressed is the TrueType Font Parsing Vulnerability – CVE-2011-3402.

Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 2.0

Ted — Thu, 17 Nov 2011 04:00:04 +0000

Revision Note: V2.0 (November 16, 2011): Revised to announce the rerelease of the KB261690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690 under Known Issues in the Executive Summary.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.4

Ted — Sat, 12 Nov 2011 04:00:05 +0000

Revision Note: V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 1.0

Ted — Fri, 11 Nov 2011 04:00:06 +0000

Revision Note: V1.0 (November 10, 2011): Advisory published.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.3

Ted — Thu, 10 Nov 2011 04:00:03 +0000

Revision Note: V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.