MSRC

  • Security Bulletin MS14-045 rereleased

    Every month for many years, we’ve released a number of updates focused on the continuous improvement of customers’ experiences with our technology. Historically, these updates happened at different times during the month, with the security-specific ones occurring on the second Tuesday of each month. Recently, to further streamline, we decided to include more of our non-security updates together with our security updates and begin the global release to customers on the second Tuesday of each month...

  • August 2014 Security Bulletin Webcast and Q&A

    Today, we published the August 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered ten questions on air, with the majority focusing on the update for Internet Explorer . Here is the video replay: We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791 . We invite you to join us for the next scheduled webcast on Wednesday, September 10, 2014, at 11 a.m. PDT (UTC -7)...
  • August 2014 Security Updates

    Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on the Critical updates first. Here’s an overview slide and video of the security updates released...
  • Advance Notification Service for the August 2014 Security Bulletin Release

    Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer. As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, August 12, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact,...
  • General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0

    Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit (EMET) 5.0 . EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might use in comprising systems. EMET 5.0 further helps to protect with two new mitigations, and with new capabilities giving customers additional flexibility on their deployments. EMET helps to protect systems...
  • July 2014 Security Bulletin Webcast and Q&A

    Today we published the July 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered eight questions on air, with the majority focusing on the update for Internet Explorer . The transcript also includes a question we did not have time to answer on the air. Here is the video replay: We invite you to join us for the next scheduled webcast on Wednesday, August 13, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the August bulletin...
  • Security Advisory 2982792 released, Certificate Trust List updated

    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server 2003...
  • July 2014 Security Bulletin Release

    Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defense – always a good thing to have, be it on the pitch or on your system. This month’s release includes six new security bulletins, addressing 29 Common Vulnerability and Exposures (CVEs...
  • Advance Notification Service for the July 2014 Security Bulletin Release

    Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer. This month we will also premier the new format for our Security Bulletin Webcast, scheduled on Wednesday, July 9, at 11 a.m. PDT. Registration, downloading the Live Meeting client, and dialing in to a separate number will no longer be required. You can...
  • Driving a Collectively Stronger Security Community with Microsoft Interflow

    Today, Microsoft is pleased to announce the private preview of Microsoft Interflow , a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time. The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost...