Microsoft Security Response Center Blog

Assessing risk for the April 2013 security updates

Tuesday, April 09, 2013

Today we released nine security bulletins addressing 13 CVEs. Two of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index | Likely first 30 days impact | Platform mitigations and key notes
MS13-028 (Internet Explorer) | Victim browses to a malicious webpage.

Nine to tide you over: Video highlights from BlueHat v12

Tuesday, April 09, 2013

It has been nearly four months since we gathered in Redmond for BlueHat v12, and we’ve almost caught up on our sleep. As we prepare for what promises to be a momentous year for the BlueHat program – culminating in December with BlueHat v13 – we’ve selected nine of the most compelling, talked-about, or just plain chewy talks from last year’s festivities to share with you.

Out with the old, in with the April 2013 security updates

Tuesday, April 09, 2013

Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make video calls with regularity, and social media has grown from a curiosity to a part of our everyday lives.

Advance Notification Service for the April 2013 Security Bulletin Release

Thursday, April 04, 2013

In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins: two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software.

March 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, March 15, 2013

Today we’re publishing the March 2013 Security Bulletin Webcast Questions & Answers page. We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-021), SharePoint (MS13-024) and the update for Kernel-Mode Drivers in MS13-027. There were six additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.

Assessing risk for the March 2013 security updates

Tuesday, March 12, 2013

Today we released seven security bulletins addressing 20 CVEs. Four of the bulletins have a maximum severity rating of Critical, and three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index | Likely first 30 days impact | Platform mitigations and key notes
MS13-021 (Internet Explorer) | Victim browses to a malicious webpage.

Evolving Response and the March 2013 Bulletin Release

Tuesday, March 12, 2013

As my career in security response has grown over the years, I am often reminded of the words of Italian author Giuseppe Tomasi Di Lampedusa, who stated, “If we want everything to remain as it is, it will be necessary for everything to change.” There are some things that we wish to stay the same.

MS13-027: Addressing an issue in the USB driver requiring physical access

Tuesday, March 12, 2013

Today we are addressing a vulnerability in the way that the Windows USB drivers handle USB descriptors when enumerating devices (KB 2807986). This update represents an expansion of our risk assessment methodology to recognize vulnerabilities that may require physical access, but do not require a valid logon session. Windows typically discovers USB devices when they are inserted or when they change power sources (if they switch from plugged-in power to being powered off of the USB connection itself).

Windows Store App Security Updates

Tuesday, March 12, 2013

We are committed to adapting our policies as the world evolves, and with the new Windows Store we evaluated how best to release security updates for Windows Store apps. Our goal is to have a quick, transparent and painless security update process. With this in mind, we will deliver high-quality security updates for Windows Store apps as they become available.

Advance Notification Service for March 2013 Security Bulletin Release

Thursday, March 07, 2013

Today we’re providing advance notification for the release of seven bulletins, four Critical and three Important, for March 2013. The Critical bulletins address vulnerabilities in Microsoft Silverlight, Internet Explorer, Office and Microsoft Server Software. The three Important-rated bulletins will address issues in Microsoft Windows and Office. As usual, we’ve scheduled the bulletin release for the second Tuesday of the month, March 12, 2013, at approximately 10:00 a.