Microsoft has given Windows admins the option to remove the SSL 3.0 fallback from Internet Explorer. By disabling SSL 3.0, IE is no longer vulnerable to POODLE attacks.
Browsing Tag: Microsoft
Microsoft’s December 2014 advanced Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.
Microsoft on Tuesday released a rare out-of-band patch for a critical vulnerability in several versions of Windows and Windows Server, including Windows 8 and 8.1.
Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances.
Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it’s ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn’t addressed it.
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site[…]
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.
Microsoft patched a zero-day vulnerability in OLE being used in targeted attacks as part of its November 2014 Patch Tuesday security bulletins, one of four critical updates released today.
Microsoft is expected to release 16 bulletins next week, including five rated critical, as part of its November 2014 Patch Tuesday updates.
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future.