Headline
CVE-2013-3900: Archived MSDN and TechNet Blogs
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka “WinVerifyTrust Signature Validation Vulnerability.”
Skip to main content
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Archived MSDN and TechNet Blogs
- Article
- 5/29/2020
- 2 minutes to read
In this article
If you were looking for MSDN or TechNet blogs, please know that MSDN and TechNet blog sites have been retired, and blog content has been migrated and archived here.
How to use this site
Archived blogs are grouped alphabetically by the initial letter of the blog name. Select the initial letter from the TOC to see the full list of the blogs.
You can also type the name of the blog or the title of the blog post in the “search” box at the upper-right corner of this page to search for it.
If you have any questions or issues, please share your feedback here.
All Blogs****A****B****C****D****E****F****G****H****I****J****K****L****M****N****O****P****Q****R****S****T****U****V****W****X****Y****Z****0-9, Non-Alphabet Characters
Related news
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said it observed an increase in the number of infections in March 2023 coinciding with the 3CX breach.
"Gopuram" is a backdoor that North Korea's Lazarus Group has used in some campaigns dating back to 2020, some researchers say.