Mitigations

Assessing risk for the January 2013 security updates

Today we released seven security bulletins addressing 12 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity …

Assessing risk for the January 2013 security updates Read More »

MS13-001: Vulnerability in Print Spooler service

MS13-001 addresses a vulnerability in the way the Windows Print Spooler handles maliciously-crafted print jobs. The potential attack scenario is a little different than previous spooler service vulnerabilities so we’d like to share more details to help you assess the risk it may pose in your environment. Potential Attack Scenario A malicious attacker given permission …

MS13-001: Vulnerability in Print Spooler service Read More »

November 2012 Bulletin Release

Security UpdatesToday we released six security bulletins to help protect our customers – four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel. For those who need to prioritize deployment, we recommend focusing on these two Critical updates …

November 2012 Bulletin Release Read More »

Assessing risk for the November 2012 security updates

Today we released six security bulletins addressing 19 CVE’s. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. …

Assessing risk for the November 2012 security updates Read More »

Assessing risk for the October 2012 security updates

Today we released seven security bulletins addressing 20 CVEs (7 Microsoft and 13 Oracle CVE’s). Only one of the bulletins is rated Critical. The other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack …

Assessing risk for the October 2012 security updates Read More »

More information on Security Advisory 2757760’s Fix It

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution …

More information on Security Advisory 2757760’s Fix It Read More »

August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls,  MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after …

August 2012 Security Bulletin Webcast, Q&A, and Slide Deck Read More »

MS12-060: Addressing a vulnerability in MSCOMCTL.OCX’s TabStrip control

Today we released MS12-060, addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls. Limited, targeted attacks exploiting CVE-2012-1856 MS12-060 is on the list of high priority updates for this month for two reasons: we are aware of very …

MS12-060: Addressing a vulnerability in MSCOMCTL.OCX’s TabStrip control Read More »

Technical Analysis of the Top BlueHat Prize Submissions

Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important security problems! To set the stage …

Technical Analysis of the Top BlueHat Prize Submissions Read More »