Skip to main content
MSRC

Security Update

November 2009 Security Bulletin Release

Tuesday, November 10, 2009

Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk & Impact and our Deployment Priority guidance to help customers assess risk to their environments and prioritize the deployment of this month’s updates.

November 2009 Bulletin Release Advance Notification

Thursday, November 05, 2009

Advance Notification for the November 2009 Security Bulletin Release To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins.

October 2009 Security Bulletin Webcast Questions and Answers

Tuesday, October 20, 2009

Hi everyone. We have posted the questions and answers from the security bulletin webcast we conducted on October 14 at this link. It was clear from all of the questions concerning MS09-062 (the GDI+ update) that there is some confusion on how to apply the update when you have a combination of SQL Server and Windows 2000 clients.

Monthly Security Bulletin Webcast Q&A - October 2009

Monday, October 19, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead** Website: TechNet/security Chat Topic: October 2009 Security Bulletin Date: Wednesday, October 14, 2009 Q: In reference to MS09-053, are all Internet Information Services (IIS) servers affected or only IIS servers running File Transfer Protocol (FTP)?

October 2009 Security Bulletin Release

Tuesday, October 13, 2009

Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”?

October 2009 Bulletin Release Advance Notification

Thursday, October 08, 2009

Advance Notification for the October 2009 Security Bulletin Release For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning.

September 2009 Security Bulletin Webcast Video and Customer Q and A

Friday, September 11, 2009

In the September 2009 security bulletin webcast, it was clear that customers had a lot of concerns about MS09-048 as almost half the questions we answered were on that topic. The questions and answers from the session are now posted here on the blog. As we mentioned in the webcast, The MS09-048 bulletin has been updated to call out Windows XP in the affected products list with a severity rating of low for the two Denial-of-Service vulnerabilities (the third, Remote Code Execution vulnerability, does not affect XP).

Monthly Security Bulletin Webcast Q&A - September 2009

Thursday, September 10, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: September 2009 Security Bulletin Date: Wednesday, September 9, 2009 Q: For MS09-048 how do we mitigate this with Windows 2000 Server since Microsoft will not be producing a patch? Do we have any prescriptive guidance?

September 2009 bulletin Release

Wednesday, September 02, 2009

Advance Notification for the September 2009 Security Bulletin Release This month we will be releasing 5 security bulletins, all affecting Windows, and all with an aggregate severity rating of critical. As always, the target for release is the second Tuesday of the month at 10:00 a.m. PDT (UTC -8). Please check back here at that time as we will be posting our risk and impact assessment, a new deployment prioritization table and an overview video.

August 2009 Bulletin Release

Tuesday, August 11, 2009

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.