Security | Microsoft Security Response Center

June Advance Notification Service and 10 Immutable Laws Revisited

Thursday, June 09, 2011

Before we get into this month’s release, we wanted to alert you to updates to a document that’s been central to much of how Microsoft thinks about security. Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way.

Q&A from May 2011 Security Bulletin Webcast

Thursday, May 12, 2011

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

Exploitability Index Improvements & Advance Notification Service for May 2011 Bulletin Release

Thursday, May 05, 2011

Hello everyone, Today we are announcing changes to Microsoft’s Exploitability Index. Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more comprehensive for those who use Microsoft’s latest platforms. The Exploitability Index assesses the likelihood of functional exploit code being developed for a particular vulnerability.

Exploitability Index Improvements Now Offer Additional Guidance

Thursday, May 05, 2011

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Exploitability Index: a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of this month, we are making some changes to the rating system to make vulnerability assessment more clear and digestible for customers.

Q&A from the March 2011 Security Bulletin Webcast

Friday, March 11, 2011

Hello, Today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

Q&A from the January 2011 Security Bulletin Webcast

Thursday, January 13, 2011

Hello, Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast. We invite our customers to join us for the next public webcast on Wednesday, February 9th at 11am PST (-8 UTC), when we will go into detail about the February bulletin release and answer questions live on the air.

Q&A from the December 2010 Security Bulletin Webcast

Friday, December 17, 2010

Hello, Today we published the December 2010 Security Bulletin Webcast Questions & Answers page. We fielded 17 questions, most concerning the Internet Explorer update and the re-releases of bulletins this month. We invite our customers to join us for the next public webcast on Wednesday, January 12 at 11am PST (-8 UTC), when we will go into detail about the December bulletin release and answer questions live on the air.

December 2010 Security Bulletin Release

Tuesday, December 14, 2010

Hi everyone. As part of our usual cycle of monthly security updates, today Microsoft is releasing 17 bulletins addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange. Two of those bulletins carry a Critical rating, while 14 are rated Important and one is rated Moderate. We’ve assigned our highest deployment priority to the two Critical bulletins, though we recommend that customers deploy all updates as soon as possible.

December 2010 Advance Notification Service is released

Thursday, December 09, 2010

Hi everyone. Mike Reavey from the MSRC here. Today we’re releasing our Advance Notification Service for the December 2010 security bulletin release. As we do every month, we’ve given information about the coming December release and provided links to detailed information so you can plan your deployment by product, service pack level, and severity.

Advance Notification Service for November 2010 Bulletins

Thursday, November 04, 2010

Hello. We’ve issued our Advance Notification Service for the November ’10 security bulletin release. This time around we’re releasing three updates addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One bulletin carries a Critical severity rating; the other two are rated Important. When customers buy Microsoft software, it includes high-quality security updates to be provided via predictable monthly bulletin releases, helping to protect their computing experience over time.