317 replies to this topic

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2934088
Updated: March 11, 2014 - "... We have issued MS14-012* to address this issue. For more information about this issue, including download links for an available security update, please review MS14-012..."
* https://technet.micr...lletin/ms14-012

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: March 11, 2014 Version: 21.0 - "... announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- https://technet.micr...dvisory/2953095
Mar 24, 2014 - "Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution*, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word... The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
• V1.1 (March 27, 2014): Updated Advisory FAQ to clarify that Microsoft WordPad is not affected by the issue and to help explain how the issue is specific to Microsoft Word.
* https://support.micr...3095#FixItForMe
Microsoft Fix it 51010

- http://blogs.technet...detections.aspx
24 Mar 2014
___

- https://secunia.com/advisories/57577/
Criticality: Extremely Critical
Where: From remote
Impact: System access...
CVE Reference: https://web.nvd.nist...d=CVE-2014-1761 - 9.3 (HIGH)
"... as exploited in the wild in March 2014."
Reported as a 0-Day...
Original Advisory: https://technet.micr...dvisory/2953095

0-Day Exploit Targeting Word, Outlook
- http://krebsonsecuri...d-2010-exploit/
Mar 24, 2014

- https://www.computer...g_unpatched_bug
Mar 24, 2014 - "... exploits are triggered just by -previewing- malicious messages in Outlook 2007, 2010 and 2013..."
 

Edited by AplusWebMaster, 30 March 2014 - 05:52 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://technet.micro...dvisory/2953095
Last Updated: April 8, 2014 - "... We have issued MS14-017* to address this issue..."
* http://technet.micro...lletin/ms14-017

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Last Updated: April 8, 2014 - V22.0
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.micr...ecurity/2963983
April 26, 2014 8:25 PM - "Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Suggested Actions: Apply Workarounds... Deploy the Enhanced Mitigation Experience Toolkit 4.1 ...

- https://web.nvd.nist...d=CVE-2014-1776 - 10.0 (HIGH)
Last revised: 04/28/2014 - "... Use-after-free vulnerability in VGX.DLL... as exploited in the wild in April 2014"

- https://www.us-cert....erability-Being
April 28, 2014 - "... consider employing an alternative web browser until an official update is available..."

- http://www.fireeye.c...ed-attacks.html
April 26, 2014 - "... exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique* to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections..."
* http://www.fireeye.c...y-exploits.html

- http://blog.trendmic...ersions-in-use/
Apr 27, 2014 - "... some workarounds have been provided by Microsoft as part of their advisory; of these enabling Enhanced Protected Mode (an IE10 and IE11-only feature) is the easiest to do. In addition, the exploit code requires Adobe Flash to work, so disabling or removing the Flash Player from IE also reduces the risk from this vulnerability as well..."

- http://blogs.technet...y-advisory.aspx
Tags: Advisory, Zero-Day Exploit, Security, Internet Explorer (IE), Vulnerability"
 

Edited by AplusWebMaster, 28 April 2014 - 12:09 PM.

[AplusWebMaster]

FYI...

MS Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
V23.0 (April 28, 2014): Added the 2961887 update to the Current Update section.
On April 28, 2014, Microsoft released an update (2961887) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-13*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2961887** ...
* http://helpx.adobe.c.../apsb14-13.html

** https://support.micr....com/kb/2961887
Last Review: April 28, 2014 - Rev: 1.0

- https://technet.micr...ecurity/2963983
V1.1 (April 29, 2014): Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. See Advisory FAQ for details.
 

Edited by AplusWebMaster, 29 April 2014 - 07:38 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
V23.1 (April 30, 2014): Revised advisory to clarify that the 2961887* update is -not- cumulative and requires that the 2942844** update be installed for affected systems to be offered the update.

* https://support.micr....com/kb/2961887
Last Review: Apr 8, 2014 - Rev: 1.0

** https://support.micr....com/kb/2942844
Last Review: Apr 8, 2014 - Rev: 1.0

___

An update is available for EMET Certificate Trust default rules
- https://support.micr....com/kb/2961016
Last Review: Apr 29, 2014 - Rev: 1.0
Applies to: Enhanced Mitigation Experience Toolkit 4.1

Enhanced Mitigation Experience Toolkit
- https://support.micr....com/kb/2458544
Last Review: Apr 30, 2014 - Rev: 9.0

 

 

___

Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.micr...ecurity/2963983
Updated: May 1, 2014 Ver: 2.0 - "Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-021* to address this issue..."
* https://technet.micr...curity/ms14-021
May 1, 2014

- https://support.micr....com/kb/2965111
Last Review: May 1, 2014 - Rev: 1.2

> http://update.microsoft.com/
___

- http://atlas.arbor.n...ndex#1200596255
Extreme Severity
May 01, 2014
... IE 0-day vulnerability currently being exploited in targeted attacks... out-of-band patch for this vulnerability should be applied immediately.
 

Edited by AplusWebMaster, 05 May 2014 - 10:01 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2962393
Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client
- https://technet.micr...ecurity/2962393
May 5, 2014 - "Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows... Microsoft released an update for the Juniper Networks Windows In-Box Junos Pulse VPN client. The update addresses the vulnerability described in Juniper Security Advisory JSA10623*. For more information about this update, including download links, see Microsoft Knowledge Base Article 2962393**.
Note: Updates for Windows RT 8.1 are available via Windows Update."

* https://kb.juniper.n...ent&id=JSA10623
Last Updated: 30 Apr 2014    
Version: 43.0

** https://support.micr....com/kb/2962393
Last Review: May 5, 2014 - Rev: 1.1
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.micr...ecurity/2871997
May 13, 2014 - "Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.micr....com/kb/2871997

Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.micr...ecurity/2962824
May 13, 2014 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules..."
- https://support.micr....com/kb/2962824

Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.micr...ecurity/2960358
May 13, 2014 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible..."
- https://support.micr....com/kb/2960358

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
Updated: May 13, 2014 Ver: 24.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
- https://support.micr....com/kb/2957151

Microsoft Security Advisory 2269637
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...ecurity/2269637
Updated: May 13, 2014 Ver: 19.0 - "Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected. In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems...
V19.0 (May 13, 2014): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS14-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2915720
Changes in Windows Authenticode Signature Verification
- https://technet.micr...ecurity/2915720
Published: Dec 10, 2013 | Updated: May 21, 2014 Version: 1.3
"Microsoft is announcing the availability of an update for all supported releases of Microsoft Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until August 12, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after August 12, 2014, Windows will no longer recognize non-compliant binaries as signed.
Recommendation: Microsoft recommends that by August 12, 2014, executables authors ensure that all signed binaries comport with this new verification behavior by containing no extraneous information in the WIN_CERTIFICATE structure. Microsoft also recommends that customers appropriately test this change to evaluate how it will behave in their environments...
Suggested Actions: Review Microsoft Root Certificate Program Technical Requirements
Customers who are interested in learning more about the topic covered in this advisory should review Windows Root Certificate Program - Technical Requirements*..."
* http://social.techne...quirements.aspx
"... The Technical Requirements version 1.1 have been superseded by this version 2.0..."
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.micr...ecurity/2962824
Updated: June 10, 2014 - Ver: 1.1 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author.  Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules in coordination with their author as part of ongoing efforts to protect customers. This action only affects systems running Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled...
Known Issues. Microsoft Knowledge Base Article 2962824* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues."
* https://support.micr....com/kb/2962824

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
Updated: June 10, 2014 - Ver: 25.0 - "... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update. On June 10, 2014, Microsoft released an update (2966072) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-16*..."
* http://helpx.adobe.c.../apsb14-16.html

Microsoft Security Advisory 2862973
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.micr...ecurity/2862973
Updated: June 10, 2014 - Ver: 3.0 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Recommendation: Microsoft recommends that customers apply the update at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."
- https://support.micr....com/kb/2862966

- https://support.micr....com/kb/2862973
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2974294
Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
- https://technet.micr...ecurity/2974294
June 17, 2014 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted... See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products...  automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."

- https://www.us-cert....ware-Protection
June 17, 2014
___

- http://www.securityt....com/id/1030438
CVE Reference: https://web.nvd.nist...d=CVE-2014-2779
Jun 17 2014
Impact: Denial of service via local system, Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1.10600.0 and prior...
Solution: The vendor has issued a fix (1.1.10701.0).
The vendor's advisory is available at:
- https://technet.micr...ecurity/2974294
___

- https://atlas.arbor.net/briefs/
High Severity
June 20, 2014
Analysis: If the engine scans a specially crafted file, the vulnerability could be exploited to cause a denial of service condition, stopping the engine from monitoring affected systems. A specially crafted file could be delivered via email or instant messenger, or by visiting a site hosting a malicious file; alternatively, a malicious attacker could use a website that hosts user-provided content to upload a malicious file, which would be scanned by the engine running on the hosting server. [ https://technet.micr...ecurity/2974294 ] Microsoft has updates for affected products, which will automatically be pushed to Microsoft Malware Protection Engine...
 

Edited by AplusWebMaster, 22 June 2014 - 01:12 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.micr...ecurity/2960358
V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675* under Known Issues in the Executive Summary.
* https://support.micr....com/kb/2978675
June 19, 2014 - Rev: 1.0
 

[AplusWebMaster]

FYI...

- https://isc.sans.edu...l?storyid=18319
2014-06-28
"... Microsoft Security Notifications
Issued: June 27, 2014
Notice to IT professionals:
As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is -suspending- the use of -email- notifications that announce the following:
* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins
In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at:
- http://technet.micro...curity/dd252948 "
___

- http://www.theregist...c_mailing_list/
1 Jul 2014 - "... In an email last night Microsoft said it would resume the mailing list on 3 July.
'On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service on July 3, 2014'..."
___

Microsoft Update client
- https://support.micr....com/kb/2887535
Last Review: June 27, 2014 - Rev: 4.0
 

Edited by AplusWebMaster, 01 July 2014 - 03:35 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.micr...ecurity/2871997
Published: May 13, 2014 | Updated: July 8, 2014 Version: 2.0 - "Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft..."

Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.micr...ecurity/2960358
Published: May 13, 2014 | Updated: July 8, 2014 Version: 1.2 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible. Please see the Suggested Actions section of this advisory for more information.
Known Issues. Microsoft Knowledge Base Article 2978675* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.micr....com/kb/2978675

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
Published: September 21, 2012 | Updated: July 8, 2014 Version: 26.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.
Current Update: Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
 

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2982792
Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.micr...ty/2982792.aspx
July 10, 2014 - "Executive Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties. The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks...
Recommendation: An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details), customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2, and that do -not- have the automatic updater of revoked certificates installed, this update is not available. To receive this update, customers must install the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070* for details). Customers in disconnected environments and who are running Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 can install update 2813430** to receive this update (see Microsoft Knowledge Base Article 2813430** for details)..."
* https://support.micr....com/kb/2677070

** https://support.micr....com/kb/2813430

- https://technet.micr...ecurity/2982792
V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.
___

- http://atlas.arbor.n...ndex#1956386183
High Severity
July 10, 2014
Four fake certificates have been identified posing as Google and Yahoo, putting Internet Explorer users at risk.
Analysis: The certificates were issued by the National Informatics Centre (NIC) in India, whose certificate issuance process was reportedly compromised. NIC is trusted by CCA India, who in turn is trusted by Microsoft. Other fake certificates were likely issued as well, though details on the full scope of the breach have not been released. While the identified certificates have been revoked by CCA, they could nonetheless affect Windows users: real-time revocation checks performed by security measures using certificate revocation list and online certificate status protocol do not sufficiently prevent attacks, as seen following certificate revocations after disclosure of the OpenSSL Heartbleed vulnerability earlier this year. Firefox, Thunderbird, and Chrome users on Windows are -not- at risk, as the applications' root stores are independent of Windows. Users running Mac OS X, Linux, and other platforms are also not at risk. Until Microsoft has addressed the issue, Windows users should use applications other than Internet Explorer to access domains using TLS. [ http://arstechnica.c...-windows-users/ ]

- http://www.securityt....com/id/1030548
Updated: Jul 17 2014
Impact: Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2; and prior service packs
Description: A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof SSL certificates.
The operating system includes invalid subordinate certificates issued by National Informatics Centre (NIC), which operates subordinate certificate authorities (CAs) under root CAs operated by the Government of India Controller of Certifying Authorities (CCA)...
Impact: A remote user may be able to spoof SSL certificates.
Solution: The vendor has issued a fix, available via automatic update for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Phone 8, and Windows Phone 8.1.
The vendor has issued a fix for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 systems that use the automatic updater of revoked certificates (see KB2677070)...
Vendor URL: https://technet.micr...ecurity/2982792
 

Edited by AplusWebMaster, 18 July 2014 - 09:08 PM.