🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
12 NovTechnical details of the targeted attack using IE vulnerability CVE-2013-3918Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today…MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 1[−]
12 NovAssessing risk for the November 2013 security updatesToday we released eight security bulletins addressing 19 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriate…MSRC.MICROSOFT.COM
📋 SECURITY BULLETINS 1[−]
12 NovAuthenticity and the November 2013 Security UpdatesIf you haven’t had a chance to see the movie Gravity, I highly recommend you take the time to check it out. The plot moves a bit slowly at times, but director Alfonso Cuaron’s work portrayal of zero gravity is worth the ticket price alone. Add in stellar acting and yo…MSRC.MICROSOFT.COM
📢 SECURITY ADVISORIES 2[−]
12 NovSecurity Advisory 2868725: Recommendation to disable RC4In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GC…MSRC.MICROSOFT.COM
12 NovSecurity Advisory 2880823: Recommendation to discontinue use of SHA-1Microsoft is recommending that customers and CA’s stop using SHA-1 for cryptographic applications, including use in SSL/TLS and code signing. Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity…MSRC.MICROSOFT.COM
📡 INFOSEC NEWS 1[−]
12 NovIntroducing Enhanced Mitigation Experience Toolkit (EMET) 4.1In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computers systems. Today, we’…MSRC.MICROSOFT.COM