Browse by Tags

Related Posts
  • Blog Post: The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

    It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together...
  • Blog Post: Microsoft Security Advisory 975191 Released

    Hi Everyone, This is Alan Wallace, senior communications manager for our security response communications team. Today, Microsoft released Security Advisory 975191 , to provide customer guidance and protection from a vulnerability that could allow remote code execution on affected systems running the...
  • Blog Post: Microsoft Security Advisory 975191 Revised

    Hi Everyone, Today we updated Security Advisory 975191 as we are now seeing limited attacks. Additionally, a new proof of concept published allowing for Denial of Service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service. This does not...
  • Blog Post: August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page . We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server ( MS13-061 ) and Windows Kernel ( MS13-063 ). There were 3 additional...
  • Blog Post: Out-of-Band Security Bulletin Webcast Q&A - March 30, 2010

    Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Group Manager, Response Communications Website: TechNet/security Chat Topic: March 2010 Out-of-Band Security Bulletin Date: Tuesday, March 30, 2010 Q: CVE-2010-0483 , like CVE-2010-0806 , is a remote code executable...
  • Blog Post: Security Advisory 983438 Released

    Hello. Today we released Security Advisory 983438 , addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients...
  • Blog Post: Windows Help Vulnerability Disclosure

    Hello, We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at...
  • Blog Post: Announcing the 2013 MSRC Progress Report featuring MAPP expansions

    Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a look into the program updates and bulletin statistics...
  • Blog Post: Out-of-Band Security Bulletin Webcast Q&A - January 21, 2010

    Hosts: Adrian Stone , Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: January 2010 Out-of-Band Security Bulletin Date: Thursday , January 21, 2010 Q: I understand the severity for workstaitons. Is the...
  • Blog Post: September 2010 Security Bulletin Release

    Hi everyone, With this month's bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem...
  • Blog Post: Microsoft Security Advisory 973472 Released

    Hi Everyone, This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control...
  • Blog Post: Community-Based Defense: Looking Outward, Moving Forward

    Two years ago, in front of a standing-room only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple-collaboration will be key to preventing and defending against...
  • Blog Post: News from MAPP, and Advance Notification Service for the December 2011 Bulletin Release

    Hello all. Before we look at next week’s bulletin release, we’d like to point out an update to our Microsoft Active Protections Program (MAPP) that should provide customers with greater transparency as to how MAPP partners use the information we share with them when we release security advisories...
  • Blog Post: Security Advisory 2416728 Released

    Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations...
  • Blog Post: Microsoft Security Advisory 972890 Released

    I wanted to let you know that we have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. Specifically, we’re aware of a code execution vulnerability within this control that can...