Hi all -- We're pleased to announce the release of the new Microsoft Security Update Guide, Second Edition . Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your organization's IT environment. Feedback from our enterprise customers tells us that more and more IT professionals are deploying Microsoft security updates quickly based on their assurance in in...

Hello everyone, My name is Pete Voss, and I'm a senior response communications manager with Microsoft Trustworthy Computing. I'll be joining the rest of the team on the MSRC blog and @MSFTSecResponse Twitter handle to help provide you with the latest information and guidance for Microsoft security. Today, we're providing advanced notification on the release of 17 security bulletins, nine rated Critical and eight rated Important. This month's bulletin release will address 64 vulnerabilities...

Hello again everyone, Pete Voss here, and as I previously mentioned in the Advanced Notification blog on Thursday, today we are releasing 17 security bulletins, nine of which are Critical, and eight rated Important. These bulletins will increase protection by addressing 64 unique vulnerabilities in the following Microsoft products: Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .NET Framework and GDI+. I did want to point out that 30 of these vulnerabilities are...

Hello, Today we published the April Security Bulletin Webcast Questions & Answers page . We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page. I also want to provide some clarity regarding our announcement that SMS 2003 with SUIT is retiring this month. SMS 2.0 and the...

Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called "Coordinated Vulnerability Disclosure" (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way that minimizes risk and disruption for customers. Since then, feedback from the broader security community has been generally supportive. Today, we're providing more transparency and insight into our disclosure...