Browse by Tags

Related Posts
  • Blog Post: The March 2014 Security Updates

    This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088 , so it should be at the top of your list. While that update...
  • Blog Post: Safer Internet Day 2014 and Our February 2014 Security Updates

    In addition to today being the security update release , February 11 is officially Safer Internet Day for 2014. This year, we’re asking folks to Do 1 Thing to stay safer online. While you may expect my “Do 1 Thing” recommendation would be to apply security updates, I’m guessing...
  • Blog Post: Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release

    Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included...
  • Blog Post: Advance Notification Service for the January 2014 Security Bulletin Release

    Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in Security...
  • Blog Post: May 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    For those who couldn’t attend the live webcast, today we’re publishing the May 2013 Security Bulletin Webcast Questions & Answers page . We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer ( MS13-037 and...
  • Blog Post: MS13-008 Released for Security Advisory 2794220

    Today, we released MS13-008 to address the issue described in Security Advisory 2794220 . We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled...
  • Blog Post: January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 17 questions focusing on Security Update MS13-088 , and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are...
  • Blog Post: 10 years of Update Tuesdays

    On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update . We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear and...
  • Blog Post: Advance Notification Service for the May 2013 Security Bulletin Release

    Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 33 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer...
  • Blog Post: August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing...
  • Blog Post: Update Tuesday overview for September 2012

    As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important. These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products: MS12-061 (Visual Studio...
  • Blog Post: July 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, August...
  • Blog Post: Microsoft security updates and the Common Vulnerability Reporting Framework

    As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF...
  • Blog Post: Improved cryptography infrastructure and the June 2013 bulletins

    It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but our goal...
  • Blog Post: April 2012 Security Bulletin Webcast and Q&A

    Hello, Today we published the April Security Bulletin Webcast Questions & Answers page , and the slide deck presented in the webcast. We fielded 15 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers...
  • Blog Post: The October 2013 security updates

    This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13...
  • Blog Post: December 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello, Today we’re publishing the December 2012 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded five questions focusing primarily on Microsoft Word and the Office compatibility pack in MS12-079 . All questions are included on the Q&A page. We invite...
  • Blog Post: January 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the January2013 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 12 questions focusing primarily on the Print Spooler ( MS12-001 ) and .NET Framework ( MS13-004 ) updates. All questions are included on the Q&A page. We invite...
  • Blog Post: March 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the March 2013 Security Bulletin Webcast Questions & Answers page . We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer ( MS13-021 ), SharePoint ( MS13-024 ) and the update for Kernel-Mode...
  • Blog Post: Bulletin Management Process and the May 2012 Bulletins

    Hello, Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034. This is...
  • Blog Post: MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page . The majority of questions focused on the ActiveX Kill Bits bulletin ( MS13-090 ) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates...
  • Blog Post: It’s That Time of Year, For the December 2012 Bulletin Release

    Happy holidays! I hope everyone is enjoying the festive season. I like to get my holiday shopping done early, and this year was no exception. In the middle of my holiday shopping last week, as I passed my cash from one store to the next, I was reminded of “Pass-the-Hash.” (My mind does tend...
  • Blog Post: Advance Notification Service for December 2013 Security Bulletin Release

    Today we’re providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed...
  • Blog Post: June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page . We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler ( MS13-050 ), Microsoft Office ( MS13-051 ), and the security advisory addressing digital...
  • Blog Post: Leaving Las Vegas and the August 2013 security updates

    Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each...