December, 2010

  • December 2010 Security Bulletin Release

    Hi everyone. As part of our usual cycle of monthly security updates, today Microsoft is releasing 17 bulletins addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange. Two of those bulletins carry a Critical rating, while 14 are rated Important and one is rated Moderate. We've assigned our highest deployment priority to the two Critical bulletins, though we recommend that customers deploy all updates as soon as possible. MS10...
  • Microsoft Releases Security Advisory 2488013

    Hello, Today we released Security Advisory 2488013 to address a public vulnerability that could affect customers using Internet Explorer 6, 7 and 8 if they visit a website hosting malicious code. Currently the impact of this vulnerability is limited and we are not aware of any affected customers or active attacks targeting customers. Internet Explorer Protected Mode on Windows Vista and later versions of Windows helps to limit the impact of the currently known proof-of-concept exploits. Protected...
  • December 2010 Advance Notification Service is released

    Hi everyone. Mike Reavey from the MSRC here. Today we're releasing our Advance Notification Service for the December 2010 security bulletin release. As we do every month, we've given information about the coming December release and provided links to detailed information so you can plan your deployment by product, service pack level, and severity. However, since this is the last release for the year, I thought it would also be good time to take a look back at the security releases we've had...
  • More about the Office File Validation backport plan

    In November 2010, Microsoft released the first Security Bulletin ( MS10-079 ) against an Office 2010 component, in this case Microsoft Word. Approximately 6 months had elapsed since Office 2010 launched in May and while it's good for such a widely used product to be available for so long without any reported issues, we were naturally disappointed to release the first bulletin affecting Office 2010. The issue was part of a group of 32 issues reported to us by an external researcher. All of the issues...
  • Benefits of Office 2010 File Validation will be made available for Office 2003 and 2007

    Hello everyone -- We're really excited to announce that Office File Validation, currently part of Office 2010, will soon be made available for Office 2003 and 2007. During development of Office 2010, the Office Team, in conjunction with members of the Microsoft Engineering Center (MSEC) organization, performed a number of actions to increase protections for file parsing code. First released in Office 2010 , Office File Validation provides a check of file-format binary schema as each file...
  • Q&A from the December 2010 Security Bulletin Webcast

    Hello, Today we published the December 2010 Security Bulletin Webcast Questions & Answers page . We fielded 17 questions, most concerning the Internet Explorer update and the re-releases of bulletins this month. We invite our customers to join us for the next public webcast on Wednesday, January 12 at 11am PST (-8 UTC), when we will go into detail about the December bulletin release and answer questions live on the air. Customers can register to attend at the link below: Date: Wednesday...