Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Microsoft Advance Notification for February 2014 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Advance Notification for February 2014

Today Microsoft published the advance notification for this months security bulletins. The bulletins will be published on February 11th (coming Tuesday) [1]. Again, we will have a pretty light patch day, with only 5 bulletins, and only 2 of these bulletins are considered critical.

Noteworthy: No Internet Explorer patches and no Office Patches. We will only see Windows Patches, a patch for .Net and a "Security Software" patch.  

Not part of the patch Tuesday, but still happening on the same day: Microsoft will no longer allow MD5 hashes for certificates. This may be difficult for some applications that haven't been changed over yet, even though Microsoft gave ample warning, and MD5 hashes have been shown to be badly broken for certificate signatures for a few years now. Just earlier today I ran into a brand new Axis, pretty expensive,  network camera that only allows the use of MD5 hashed certificate signatures.



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Intrusion Detection In-Depth - SANS London October 2021


4250 Posts
ISC Handler
Feb 7th 2014
Might want to update this. Microsoft revealed a bit more this morning, and Internet Explorer is on the list in Bulletin 1.

Sign Up for Free or Log In to start participating in the conversation!