Mitigations

Assessing risk for the March 2013 security updates

Tuesday, March 12, 2013

Today we released seven security bulletins addressing 20 CVE’s. Four of the bulletins have a maximum severity rating of Critical, and three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-021(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Mitigations
• Rating
• Risk Asessment

Assessing risk for the February 2013 security updates

Tuesday, February 12, 2013

Today we released twelve security bulletins addressing 57 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-010(VML) Victim browses to a malicious webpage.

Read More

• Mitigations
• Rating
• Risk Asessment

Introducing ModSecurity IIS 2.7.2 Stable Release

Monday, February 11, 2013

We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2. Since the announcement of availability of the beta version in July 2012, we have been working very hard to bring the quality of the module to meet the enterprise class product requirements.

Read More

• IIS
• Mitigations
• ModSecurity
• Security Tools

Assessing risk for the January 2013 security updates

Tuesday, January 08, 2013

Today we released seven security bulletins addressing 12 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-002(MSXML) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Mitigations
• Rating
• Risk Asessment

MS13-001: Vulnerability in Print Spooler service

Tuesday, January 08, 2013

MS13-001 addresses a vulnerability in the way the Windows Print Spooler handles maliciously-crafted print jobs. The potential attack scenario is a little different than previous spooler service vulnerabilities so we’d like to share more details to help you assess the risk it may pose in your environment. Potential Attack Scenario

Read More

• Attack Vector
• Mitigations
• Risk Asessment

Microsoft Releases Security Advisory 2794220

Saturday, December 29, 2012

Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Read More

• Advisory
• Internet Explorer (IE)
• Mitigations
• Security
• Security Advisory
• Zero-Day Exploit

Assessing risk for the November 2012 security updates

Tuesday, November 13, 2012

Today we released six security bulletins addressing 19 CVE’s. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Read More

• Attack Vector
• Mitigations
• Rating
• Risk Asessment

November 2012 Bulletin Release

Tuesday, November 13, 2012

Security Updates Today we released six security bulletins to help protect our customers - four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel. For those who need to prioritize deployment, we recommend focusing on these two Critical updates first:

Read More

• Announcements
• Bulletins
• Exploitability Index
• IIS
• Internet Explorer (IE)
• Microsoft Office
• Microsoft Windows
• Mitigations
• Monthly bulletin release
• Security Bulletin
• Security bulletin release
• Security Update
• Update Tuesday
• Video

Assessing risk for the October 2012 security updates

Tuesday, October 09, 2012

Today we released seven security bulletins addressing 20 CVEs (7 Microsoft and 13 Oracle CVE’s). Only one of the bulletins is rated Critical. The other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Read More

• Attack Vector
• Mitigations
• Rating
• Risk Asessment
• Workarounds

More information on Security Advisory 2757760's Fix It

Wednesday, September 19, 2012

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution addresses the issue.

Read More

• Attack
• EMET
• FixIt
• Internet Explorer (IE)
• Mitigations
• MSHTML
• Risk Asessment