Browse by Tags

Related Posts
  • Blog Post: Security Advisory 2982792 released, Certificate Trust List updated

    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With...
  • Blog Post: Microsoft releases Security Advisory 2963983

    Today, we released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker...
  • Blog Post: Microsoft Releases Security Advisory 2953095

    Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format...
  • Blog Post: Microsoft Releases Security Advisory 2914486

    Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) found this...
  • Blog Post: Microsoft Releases Security Advisory 2794220

    Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically...
  • Blog Post: Security Advisory 2755801 revised to address Adobe Flash Player issues (Feb. 7, 2013)

    Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8, this revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will...
  • Blog Post: Microsoft Releases Security Advisory 2847140

    Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur...
  • Blog Post: Microsoft releases Security Advisory 2639658

    Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring...
  • Blog Post: Security Advisory 2755801 revised to address Adobe Flash Player issues

    Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10, in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically...
  • Blog Post: September 2010 Security Bulletin Release

    Hi everyone, With this month's bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem...
  • Blog Post: Fix it for Security Advisory 2794220 now available

    We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post . This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying...
  • Blog Post: Update to Security Advisory 2416728

    Hi everyone - We've just updated Microsoft Security Advisory 2416728 as we've begun to see limited attacks with the ASP.NET vulnerability. We have added questions and answers and encourage customers to review this information and evaluate it for their environment. We have also added additional...
  • Blog Post: Security Advisory 2755801 addresses Adobe Flash Player issues

    Today we released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. Customers...
  • Blog Post: Additional information about Internet Explorer and Security Advisory 2757760

    We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday. While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive...
  • Blog Post: Security Advisory 2737111 released

    Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and...
  • Blog Post: Advance Notification Service for the February 2011 Security Bulletin Release

    Hello all - Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for February's security bulletins. This month, we'll release 12 bulletins, three of them rated Critical and nine rated Important, addressing issues in Microsoft Windows, Internet Explorer...
  • Blog Post: Microsoft Releases Security Advisory 2524375

    Hello - Today we're releasing Security Advisory 2524375 , to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially...
  • Blog Post: MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page . The majority of questions focused on the ActiveX Kill Bits bulletin ( MS13-090 ) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates...
  • Blog Post: It’s That Time of Year, For the December 2012 Bulletin Release

    Happy holidays! I hope everyone is enjoying the festive season. I like to get my holiday shopping done early, and this year was no exception. In the middle of my holiday shopping last week, as I passed my cash from one store to the next, I was reminded of “Pass-the-Hash.” (My mind does tend...
  • Blog Post: August 2012 Bulletin Release

    Security Advisory 2661254 - Update For Minimum Certificate Key Length Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking...
  • Blog Post: Microsoft security updates and the Common Vulnerability Reporting Framework

    As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF...
  • Blog Post: Security Advisory 2416728 Released

    Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations...
  • Blog Post: June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page . We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler ( MS13-050 ), Microsoft Office ( MS13-051 ), and the security advisory addressing digital...
  • Blog Post: Security Advisory 2755801 revised to address Adobe Flash Player issues (Feb. 26, 2013)

    Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8. This advisory revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections...
  • Blog Post: Microsoft Security Advisory 2269637 Released

    Overview Today we released Microsoft Security Advisory 2269637 . This is different from other Microsoft Security Advisories because it's not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new...