MSRC

Month Archives: September 2011

Is SSL broken? – More about Security Bulletin MS12-006 (previously known as Security Advisory 2588513)

Monday, September 26, 2011

On January 10th, Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0. Here we would like to give further information about the technique used to exploit this vulnerability and workaround options Microsoft has released if you discover a compatibility issue after installing the update.

Microsoft releases Security Advisory 2588513

Monday, September 26, 2011

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.

Cumulative non-security update protects from fraudulent certificates

Monday, September 19, 2011

Today, Microsoft re-released the KB2616676 non-security update for customers using Microsoft Windows XP and Windows Server 2003, which addresses an issue described in the “known issues” section of KB2616676. Customers who have enabled automatic updates are already protected and no further action is required; others are advised to download the cumulative version of KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712.

Q&A from the September 2011 Security Bulletin Webcast

Friday, September 16, 2011

Hello. Today we published the September Security Bulletin Webcast Questions & Answers page. We fielded 15 questions primarily regarding the DigiNotar Certificate compromise and the associated Security Advisory. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page.

More on DigiNotar Certificates, and September Bulletins

Tuesday, September 13, 2011

In an effort to protect customers, last week we released Security Advisory 2607712 along with a non-security update to add fraudulent DigiNotar certificates to the Windows Untrusted Certificate Store. Today, we are releasing another update (2616676), adding six additional DigiNotar root certificates that are cross-signed by Entrust and GTE to the Untrusted Certificate Store.