Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures (CVEs) in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage you to apply all of these updates, but for …
As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing for security professionals to do. …
Theoretical Thinking and the June 2014 Bulletin Release Read More »
Today we provide advance notification for the release of seven Bulletins, two rated Critical and five rated Important in severity. These Updates are for Microsoft Windows, Microsoft Office and Internet Explorer. The Update for Internet Explorer addresses CVE-2014-1770, which we have not seen used in any active attacks. Also, in case you missed it, last …
Advance Notification Service for the June 2014 Security Bulletin Release Read More »
T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates. Today, we release four bulletins to …
This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While that update does warrant your attention, I …
In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, “Prediction is very difficult, especially if it’s about the future.” However, I can say without a doubt that change is afoot in 2014. In February, …
A Look Into the Future and the January 2014 Bulletin Release Read More »
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast when someone asked the …
Omphaloskepsis and the December 2013 Security Update Release Read More »
Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest. We’ve discussed the Microsoft …
MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck Read More »
Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six …
September 2013 Security Bulletin Webcast, Q&A, and Slide Deck Read More »
Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page. We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063). There were 3 additional questions during the webcast that we were unable to answer on air, and we …
August 2013 Security Bulletin Webcast, Q&A, and Slide Deck Read More »