Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog - Microsoft Advance Notification for February 2014 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Advance Notification for February 2014

Published: 2014-02-07
Last Updated: 2014-02-07 01:51:56 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Today Microsoft published the advance notification for this months security bulletins. The bulletins will be published on February 11th (coming Tuesday) [1]. Again, we will have a pretty light patch day, with only 5 bulletins, and only 2 of these bulletins are considered critical.

Noteworthy: No Internet Explorer patches and no Office Patches. We will only see Windows Patches, a patch for .Net and a "Security Software" patch.  

Not part of the patch Tuesday, but still happening on the same day: Microsoft will no longer allow MD5 hashes for certificates. This may be difficult for some applications that haven't been changed over yet, even though Microsoft gave ample warning, and MD5 hashes have been shown to be badly broken for certificate signatures for a few years now. Just earlier today I ran into a brand new Axis, pretty expensive,  network camera that only allows the use of MD5 hashed certificate signatures.

 

[1] http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

1 comment(s)
Diary Archives