Microsoft – Security Advisories

Revision Note: V1.0 (May 8, 2012): Advisory published.
Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Revision Note: V1.0 (March 13, 2012): Advisory published.
Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

Revision Note: V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022, "Vulnerability in Expression Design Could Allow Remote Code Execution."
Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.

Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Revision Note: V2.0 (January 10, 2012): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-006 to address this issue. For more information about this issue, including download links for an available security update, please review MS12-006. The vulnerability addressed is the SSL/TLS Information Disclosure Vulnerability - CVE-2011-3389.