October, 2013

  • Introduction: Chris Betz, new head of MSRC

    By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing. Since joining the MSRC, I’ve spent time immersed in learning the business, meeting our global team of security research and response professionals and many of the other teams we frequently interact with here at Microsoft. That’s...
  • 10 years of Update Tuesdays

    On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update . We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear and we delivered a predictable schedule. Since then, we have seen others in the industry follow our move to monthly updates. As we continue to act on feedback, one thing stays the same: our ongoing commitment...
  • October 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page . We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint ( MS13-084 ) and Kernel-Mode Drivers ( MS13-081 ) bulletins. There was one additional question that we were unable to answer on air, and we have included a response to that question on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, November...
  • The October 2013 security updates

    This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month’s priority releases (click for larger view). MS13-080 | Cumulative Security Update for...
  • An update on the bounty programs

    Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty program, which covered the first 30 days of the preview period. Today, we are announcing James Forshaw, a security researcher with Context Information...
  • Advance Notification Service for October 2013 Security Bulletin Release

    Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505 . As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, October...