Tuesday, February 26, 2013
Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8. This advisory revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically.
Friday, February 22, 2013
As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations.
Thursday, February 14, 2013
Today we’re publishing the February 2013 Security Bulletin Webcast Questions & Answers page. We fielded 15 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Microsoft Internet Explorer (MS13-009), VML (MS13-010) and the update for Microsoft Exchange in MS13-012. There were several questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.
Tuesday, February 12, 2013
Today we released twelve security bulletins addressing 57 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-010(VML) Victim browses to a malicious webpage.
Tuesday, February 12, 2013
Before we discuss this month’s release, I wanted to briefly touch on the big event happening this week. No, I’m not talking about the romantically-themed holiday on Thursday. I’m talking about the start of spring training and the return of baseball. There are a few things I am very passionate about and those who know me, know how much I love baseball.
Tuesday, February 12, 2013
We are pleased to announce that as of today customers with access to Microsoft Services Premier and Professional Support can receive EMET related technical assistance. This is an important step for us to better support professional and enterprise customers and answer questions related to EMET deployment, configuration, and troubleshooting. The support will be fee based.
Tuesday, February 12, 2013
MS13-018 addresses a potential denial-of-service condition in the Windows TCP/IP stack. This vulnerability could be leveraged by an attacker in certain circumstances to exhaust a server’s non paged pool, preventing it from making new TCP connections. The vulnerability is as follows: A Windows victim machine has a TCP/IP connection in an ESTABLISHED state to a remote attacker machine, and the Windows victim machine (not the attacker machine) sends a FIN packet to the remote attacker machine to initiate the connection teardown sequence, as outlined in RFC 793.
Monday, February 11, 2013
We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2. Since the announcement of availability of the beta version in July 2012, we have been working very hard to bring the quality of the module to meet the enterprise class product requirements.
Thursday, February 07, 2013
We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .
Thursday, February 07, 2013
Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8, this revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically.
