Microsoft Security Response Center Blog

Assessing risk for the July 2013 security updates

Tuesday, July 09, 2013

Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-055(Internet Explorer) Victim browses to a malicious webpage.

• Attack Vector
• Risk Asessment

Advance Notification Service for July 2013 Security Bulletin Release

Thursday, July 04, 2013

Today we’re providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows.

• ANS
• Bulletins
• Monthly bulletin release
• Update Tuesday

New Bounty Programs – One Week In

Wednesday, July 03, 2013

Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially opened for bounty-eligible submissions to secure [at] Microsoft [dot] com.

• Black Hat
• BlueHat Prize
• Bounty
• Bountyprograms
• CVD
• Internet Explorer (IE)
• Microsoft Windows
• Security Ecosystem
• Security Research

Doors Open for New Bounty Programs

Thursday, June 27, 2013

As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July 26) bounties of up to $11,000 for critical security issues in Internet Explorer 11 Preview.

• BlueHat Prize
• Bounty
• Bountyprograms
• Internet Explorer (IE)
• Microsoft Windows
• Security Ecosystem
• Zero-Day Exploit

Announcing the Microsoft Bounty Programs

Wednesday, June 19, 2013

Over the years, we’ve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now we’re taking it even further.

• Announcements
• Bounty Programs

Heart of Blue Gold – Announcing New Bounty Programs

Wednesday, June 19, 2013

Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of Microsoft’s outreach. In the early 2000’s, Microsoft had to go through what I call “the five stages of vulnerability response grief.

• BlueHat Prize
• Bounty
• Bountyprograms
• Mitigations
• Security Ecosystem

New Bounty Program Details

Wednesday, June 19, 2013

Today we announced the upcoming Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty program. It’s very exciting to finally take the wraps off of these initiatives and we are anticipating some great submissions from the security research community! These programs will allow us to reward great work by researchers and improve the security of our software – all to the benefit of our customers.

• Exploitation
• IE
• Mitigations

EMET 4.0 now available for download

Monday, June 17, 2013

We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit , best known as EMET, is now finally available for download. You can download it from http://www.microsoft.com/en-us/download/details.aspx?id=39273. We already mentioned some of the new features introduced in EMET 4: Certificate Trust , mitigations improvement hardening , and the Early Warning Program.

• EMET

Microsoft is sponsoring the Cyber Security Challenge UK

Monday, June 17, 2013

The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down (and computer defenses are improved), exploit activity has actually increased in many parts of the world. See the Microsoft Security Intelligent Report (SIR) v14 for more details.

June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, June 14, 2013

Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and the security advisory addressing digital certificates (SA2854544). There was one question we were unable to field on the air which we answered on the Q&A page.

• Advisory
• Bulletins
• Customer Questions
• Internet Explorer (IE)
• Malicious Software Removal Tool (MSRT)
• Microsoft Office
• Microsoft Windows
• Monthly bulletin release
• Q&A
• Security
• Security Advisory
• Security Bulletin
• Security bulletin release
• Security Bulletin Webcast
• Security Bulletins
• Webcast
• Webcast Q&A