Browse by Tags

Related Posts
  • Blog Post: The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

    It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together...
  • Blog Post: October 2009 Security Bulletin Release

    Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this...
  • Blog Post: January 2010 Security Bulletin Release

    Summary of Microsoft’s Security Bulletin Release for January 2010 Hi Everyone, We hope that 2010 is off to a good start for you. For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001 , addresses one vulnerability in the...
  • Blog Post: New Reports of a Vulnerability in IIS

    Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non...
  • Blog Post: Guidance on Internet Explorer XSS Filter

    The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer ( MS10-002 ). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable....
  • Blog Post: November 2009 Security Bulletin Release

    Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk &...
  • Blog Post: Update on MS10-025

    I wanted to give customers an update on the status of MS10-025 . First, I want to reiterate that this issue affects only Windows 2000 Servers in a non-default configuration: Windows Media Services needs to be installed. Customers who do not have Windows Media Services installed are not affected and were...
  • Blog Post: Security Advisory 979352 – Going out of Band

    We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability. Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted...
  • Blog Post: August 2009 Bulletin Release

    Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components...
  • Blog Post: Security Advisory 983438 Released

    Hello. Today we released Security Advisory 983438 , addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients...
  • Blog Post: June 2010 Security Bulletin Release

    Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these...
  • Blog Post: MS10-025 Security Update to be Re-released

    Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks...
  • Blog Post: Omphaloskepsis and the December 2013 Security Update Release

    There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast when...
  • Blog Post: Announcing the Microsoft Security Update Guide, Second Edition

    Hi all -- We're pleased to announce the release of the new Microsoft Security Update Guide, Second Edition . Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your...