Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only.Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in th...

Share

Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advisory have been reverted as of November 2016. This is an informational change only.Summary: Microsoft is announcing a policy change to the Micro...

Share

Revision Note: V1.0 (January 27, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on wha...

Share

Revision Note: V1.0 (January 10, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidanc...

Share

Revision Note: V1.0 (September 13, 2016): Advisory published.Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on w...

Share

Revision Note: V1.0 (September 13, 2016): Advisory published.Summary:

Share

Revision Note: V1.0 (August 9, 2016): Click here to enter text.Summary: Microsoft is blacklisting some publically released versions of securekernel.exe. This advisory includes a list of hashes for specific operating systems that are on the blacklist

Share

Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the use of the SHA1 hashing algorithm for the purposes of SSL and code signing. For more information, see Windows Enforcement of Authenticode Cod...

Share

Revision Note: V1.0 (May 10, 2016): Advisory published.
Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first flight of application_data records using the attacker’s chosen cipher suite from the client’s list. To avoid downgrade attacks, TLS clients only allow FalseStart when their strongest cipher suites are negotiated.

Share

Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mouse devices are affected. This is an informational change only.Summary: Microsoft is announcing the availability of an update to improve input...

Share