Killbit

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest. We’ve discussed the Microsoft …

May 2013 Security Bulletin Webcast, Q&A, and Slide Deck

For those who couldn’t attend the live webcast, today we’re publishing the May 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-037 and MS13-038) and Visio (MS13-044).  We invite our customers to join us for the …

The December bulletins are released

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, three of which are rated Critical in severity, and 10 Important. These bulletins will increase protection by addressing 19 unique vulnerabilities in Microsoft products. Customers should plan to install all of these updates as …

More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090)

This month we released MS11-090 to address a vulnerability in the Microsoft Time component (CVE-2011-3397), which features the deprecated time behavior that is still supported in IE6. We would like to provide further information about this issue and help explain why a “binary behavior kill bit” is the appropriate course of action. Which products are …

Assessing the risk of public issues currently being tracked by the MSRC

At Microsoft, as at most large software vendors, we are likely to have publicly known issues under investigation at any given time. This is what we do on the Security Research & Defense team. Recently we’ve seen confusion from folks trying to make sense of some of the current public issues. To help clear that …

June 2010 Security Bulletin Release

Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these bulletins get our maximum severity rating of Critical. The rest are rated …

October 2009 Security Bulletin Release

Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”? The short answer …

Overview of the out-of-band release

Today we released Security Advisory 973882 and with it, two out-of-band security bulletins. These updates are MS09-034 (an Internet Explorer update) and MS09-035 (a Visual Studio update). At this time for customers who have applied MS09-032 we are not aware of any “in the wild” exploits that leverage the vulnerabilities documented in 973882 and MS09-035. …

Internet Explorer Mitigations for ATL Data Stream Vulnerabilities

IE security update MS09-034 implements two defense-in-depth measures intended to mitigate the threat of attacks which attempt to exploit the Microsoft Active Template Library (ATL) vulnerabilities described in Security Advisory 973882 and MS09-034. We would like to explain these mitigations in more detail. ATL persisted data checks The first mitigation is a change to modify …
