Microsoft Security Response Center
The Microsoft Security Response Center (MSRC) identifies, monitors, responds to and resolves security incidents and vulnerabilities in Microsoft software.
Advance Notification Service
Coordinated Vulnerability Disclosure
Internet Explorer (IE)
Internet Explorer IE)
Malicious Software (Malware)
Malicious Software Removal Tool (MSRT)
Malware Protection Engine
Microsoft Active Protections Program (MAPP)
Microsoft Server Software
monthly bulletin release
MSRC Progress Report
security bulletin release
Security Bulletin Webcast
Security Development Lifecycle (SDL)
Security Update Webcast
Security Update Webcast Q & A
Browse by Tags
Microsoft Security Response Center
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries
It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together...
2 Apr 2014
October 2009 Security Bulletin Release
Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this...
13 Oct 2009
January 2010 Security Bulletin Release
Summary of Microsoft’s Security Bulletin Release for January 2010 Hi Everyone, We hope that 2010 is off to a good start for you. For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001 , addresses one vulnerability in the...
12 Jan 2010
New Reports of a Vulnerability in IIS
Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non...
28 Dec 2009
Guidance on Internet Explorer XSS Filter
The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer ( MS10-002 ). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable....
20 Apr 2010
November 2009 Security Bulletin Release
Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk &...
10 Nov 2009
Update on MS10-025
I wanted to give customers an update on the status of MS10-025 . First, I want to reiterate that this issue affects only Windows 2000 Servers in a non-default configuration: Windows Media Services needs to be installed. Customers who do not have Windows Media Services installed are not affected and were...
23 Apr 2010
Security Advisory 979352 – Going out of Band
We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability. Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted...
19 Jan 2010
August 2009 Bulletin Release
Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components...
11 Aug 2009
Security Advisory 983438 Released
Hello. Today we released Security Advisory 983438 , addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients...
29 Apr 2010
June 2010 Security Bulletin Release
Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these...
8 Jun 2010
MS10-025 Security Update to be Re-released
Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks...
21 Apr 2010
Omphaloskepsis and the December 2013 Security Update Release
Dustin C. Childs
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast when...
10 Dec 2013
Announcing the Microsoft Security Update Guide, Second Edition
Hi all -- We're pleased to announce the release of the new Microsoft Security Update Guide, Second Edition . Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your...
4 Apr 2011
© 2015 Microsoft Corporation.
Privacy & Cookies