dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
693
share rss forum feed


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

3 recommendations

Microsoft Security Advisory Notification - Jan 3, 2013

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2798897)
- Title: Fraudulent Digital Certificates Could Allow Spoofing
- »technet.microsoft.com/security/a···/2798897
- Revision Note: V1.0 (January 3, 2013): Advisory published.
--
Microsoft® Security MVP, 2004 - 2013
DP's Security Bits


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 recommendation

Also see

»Microsoft untrusted certificate store update (Dec 31st)
--
Don't feed trolls--it only makes them grow!

redwolfe_98
Premium
join:2001-06-11
kudos:1
reply to dp
thanks DP..


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to dp
Here is a news story on the update:
»news.idg.no/cw/art.cfm?id=17AA53···E852FDBF

Microsoft will release seven security updates next week -- including one rated critical for Windows 8 and Windows RT -- to patch 12 vulnerabilities in Windows, Office, SharePoint Server and the company's website design software.

Missing from Thursday's advance notification was any news about the Internet Explorer (IE) zero-day vulnerability that hackers have been exploiting since at least Dec. 7.

Microsoft today declined to comment when asked about the timetable for the IE fix.

Security firms that have gone into their logs have found evidence that the IE exploits started Dec. 7, but at least two websites -- the foreign policy think-tank Council on Foreign Relations, and Capstone Turbine, a U.S. micro-turbine manufacturer -- have been compromised by hackers, who then planted malware on their servers. People running IE6, IE7 or IE8 who surfed to those websites were then attacked by the malware, had their computers hijacked and, in some cases, data stolen.

According to Microsoft, Bulletin 2 -- one of the two pegged critical -- applies to all supported versions of Windows, from the 11-year-old XP to 2012's Windows 8 and Windows RT, from Server 2008 to Server 2012. It will also affect Office 2003 through Office 2007 on Windows; Expression Web, part of the Expression Studio web development suite; and SharePoint Server 2007, Groove Server 2007 and System Center Operations Manager 2007.

"Bulletin 5 may end up being the most significant, as it targets Vista SP 2, Server 2008 and Windows 7," said Alex Horan, senior product manager with CORE Security, in an email. "This has the potential for the most long-term issue, as it represents an extremely large base of potential targets if it is not rectified properly."

Microsoft rated Bulletin 5 as important. As Horan noted, it will not apply to Windows XP, but will to Windows 8 and Windows RT, both released two months ago. According to Web metrics company Net Applications, Vista, Windows 7 and Windows 8 collectively power about 57% of all Windows PCs.


--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to dp
Thanks, dp See Profile


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to dp
Google issued the intermediary CA's