Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on the Critical updates first.
Here’s an overview slide and video of the security updates released today:
Click to enlarge
Microsoft also revised Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer.
For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by each CVE, visit the Microsoft Bulletin Summary Web page. If you are not familiar with how we calculate the Exploitability Index (XI), a full description is found here.
You may notice a revision in the XI this month, which aims to better characterize the actual risk to a customer on the day the security update is released. Customers will see new wording for the rating, including a new rating of “0” for “Exploitation Detected.” More information about XI can be found here: http://technet.microsoft.com/en-us/security/cc998259.aspx.
Last week, Microsoft announced some other news that relates to Update Tuesday:
Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, August 13, 2014, at 11 a.m. PDT.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Group Manager, Response Communications Microsoft Trustworthy Computing