Today we provide advance notification for the release of seven Bulletins, two rated Critical and five rated Important in severity. These Updates are for Microsoft Windows, Microsoft Office and Internet Explorer. The Update for Internet Explorer addresses CVE-2014-1770, which we have not seen used in any active attacks.

Also, in case you missed it, last month we released Security Advisory 2871997 to further enhance credentials management and protections on Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012.  Since then, we have received some questions about the functionality changes introduced by the advisory.  Over on the Security Research & Defense (SRD) blog, Joe Bailek from the MRSC Engineering team provides an overview of those changes, their impact and some other important configuration changes that can be made in conjunction with the update to further improve system security.  I recommend you take a few moments to read the SRD blog and consider implementing some or all of the changes in your environment.

As always, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, June 10, 2014, at approximately 10:00 a.m. PDT.  Revisit this blog then for analysis of the relative risk and impact, as well as deployment guidance, together with a brief video overview of the month’s Updates.  Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Don’t forget, you can also follow the MSRC team’s recent activity on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing