July 2013 Microsoft Patch Tuesday Security Updates

A critical Windows kernel vulnerability, publicly disclosed in May by a Google security engineer, will be patched tomorrow when Microsoft releases its July Patch Tuesday security updates. Tavis Ormandy, who has controversially disclosed Windows vulnerability details in the past, made a posting to...

Microsoft to patch Six critical Remote Code Execution vulnerabilities this Tuesday

Microsoft has announced Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities. Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will app...

Advance Notification Service for July 2013 Security Bulletin Release

Today we’re providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these...

Microsoft .NET Framework 身份验证绕过漏洞(CVE-2013-1337)(MS13-040)

BUGTRAQ ID: 59790 CVECAN ID: CVE-2013-1337 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 当设置自定义 WCF 终结点身份验证时，Microsoft .NET Framework...

CVE-2013-1336

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature...

CVE-2013-1337

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation WCF endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka...

Authentication flaw

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation WCF endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka...

CVE-2013-1337

Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation WCF endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka...

CVE-2013-1336

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature...

CVE-2013-1337

The CVE-2013-1337 issue affects Microsoft .NET Framework (notably 4.x, including 4.5) where custom WCF endpoint authentication policy is not created correctly in scenarios involving HTTPS passwords. This results in an authentication bypass vulnerability that could let an attacker access endpoint ...

CVE-2013-1336

CVE-2013-1336 affects Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5. The vulnerability arises because the CLR does not properly validate signatures, enabling an attacker to modify signed XML files without breaking the signature (XML Digital Signature Spoofing). This is tied to the MS13...

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

This host is missing an important security update according to Microsoft Bulletin MS13-040. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

This host is missing an important security update according to Microsoft Bulletin MS13-040. OpenVAS Vulnerability Test $Id: secpodms13-040.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities 2836440 Authors: Thanga Prakash S Copyright:...

MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - A spoofing vulnerability exists that could allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file. CVE-2013-13...

Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804584)

A security issue has been identified that could allow an attacker to misrepresent a system action or behavior without the knowledge of the user. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...

MS13-040: Vulnerabilities in the .NET Framework could allow spoofing: May 14, 2013

Resolves a vulnerability in the Microsoft .NET Framework that could allow identity spoofing on a client system.View products that this article applies to.IntroductionResolves a vulnerability in the Microsoft .NET Framework that could allow identity spoofing on a client system.SummaryMicrosoft has...

Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability

Description Microsoft .NET Framework is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to the application. This allows attackers to obtain sensitive information and perform unauthorized actio...

Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability

Description Microsoft .NET Framework is prone to a security-bypass vulnerability because it fails to properly validate the signature of a specially crafted XML file. Attackers can exploit this issue to bypass XML digital signature validation and spoof XML content by conducting man-in-the-middle...

Microsoft IIS 6. 0 and 7. 5 multiple vulnerabilities and the use of method-vulnerability warning-the black bar safety net

Microsoft IIS 6.0 install PHP to bypass authentication vulnerability Microsoft IIS with PHP 6.0, which is on PHP5 in Windows Server 2 0 0 3 SP1 test detail: An attacker can send a special request is sent to the IIS 6.0 Service, successfully bypass access restrictions The attacker can access the...

Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)

A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer.An attacker can remotely exploit this vulnerability by enticing a user to...