March, 2014

  • Microsoft Releases Security Advisory 2953095

    Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer. As part of the security advisory, we have included an easy, one-click Fix it to address...
  • March 2014 Security Bulletin Webcast and Q&A

    Today we published the March 2014 Security Bulletin Webcast Questions & Answers page . We answered eight questions in total, with the majority focusing on the updates for Windows ( MS14-016 ) and Internet Explorer ( MS14-012 ). One question that was not answered on air has been included on the Q&A page. Here is the video replay. We invite you to join us for the next scheduled webcast on Wednesday, April 9, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the April...
  • The March 2014 Security Updates

    This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088 , so it should be at the top of your list. While that update does warrant your attention, I want to also call out another impactful update. MS14-014 provides an update to address a security feature bypass in Silverlight. The issue wasn’t publicly...
  • Advance Notification Service for the March 2014 Security Bulletin Release

    Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first described in Security Advisory 2934088 . While we have seen a limited number of attacks using this issue, they have only targeted Internet Explorer 10. Customers using other versions of Internet Explorer...