Tuesday, February 09, 2010
MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month.
Tuesday, December 08, 2009
This morning we released six security bulletins, three Critical and three Important, addressing 12 CVE’s. Please apply the Internet Explorer update right away as it poses the most risk of all the bulletins due to severity and exploitability. The Internet Explorer update addresses the vulnerability described by Security Advisory 977981. We hope that the table and commentary below will help you prioritize the deployment of the other updates appropriately.
Tuesday, November 10, 2009
Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk & Impact and our Deployment Priority guidance to help customers assess risk to their environments and prioritize the deployment of this month’s updates.
Monday, October 19, 2009
This year at BlackHat USA in Las Vegas, we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version of our talk at the upcoming BlueHat v9 conference later this month, and thought the BlueHat blog readers who will not be able to attend might enjoy an overview of some key material from the presentation.
Tuesday, October 13, 2009
Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”?
Monday, October 12, 2009
This morning we released 13 security bulletins, our largest release of 2009. Altogether, these bulletins address 34 separate CVEs. We’d like to use this blog post to help you prioritize your deployment of the updates. Prioritization Criteria We’ve provided a prioritized list of bulletins in the table below. The prioritization is based on the following criteria:
Monday, October 12, 2009
MS09-054 addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. First we’d like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector. And most customers need not take any action as they’ll receive this update automatically through Automatic Updates.
Monday, October 12, 2009
MS09-061 fixes vulnerabilities in the .NET Framework which could allow malicious .NET applications execute arbitrary native code, resulting in remote code execution. This post is intended to help clarify the attack vectors for these vulnerabilities, and to cover recommended workarounds. **Important note: **These vulnerabilities in the .NET framework do not affect applications built on the .
Friday, September 11, 2009
In the September 2009 security bulletin webcast, it was clear that customers had a lot of concerns about MS09-048 as almost half the questions we answered were on that topic. The questions and answers from the session are now posted here on the blog. As we mentioned in the webcast, The MS09-048 bulletin has been updated to call out Windows XP in the affected products list with a severity rating of low for the two Denial-of-Service vulnerabilities (the third, Remote Code Execution vulnerability, does not affect XP).
Tuesday, September 08, 2009
This morning we released five security bulletins, all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of “1” (Consistent exploit code likely). We wanted to just say a few words about each bulletin to help you prioritize your deployment this month.
