Browse by Tags

Related Posts
  • Blog Post: August 2014 Security Updates

    Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these...
  • Blog Post: Theoretical Thinking and the June 2014 Bulletin Release

    As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing...
  • Blog Post: Security Update Released to Address Recent Internet Explorer Vulnerability

    Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983 . This security update addresses every version of Internet Explorer. While we’ve seen only a limited number of targeted attacks, customers are advised to install...
  • Blog Post: The March 2014 Security Updates

    This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088 , so it should be at the top of your list. While that update...
  • Blog Post: Safer Internet Day 2014 and Our February 2014 Security Updates

    In addition to today being the security update release , February 11 is officially Safer Internet Day for 2014. This year, we’re asking folks to Do 1 Thing to stay safer online. While you may expect my “Do 1 Thing” recommendation would be to apply security updates, I’m guessing...
  • Blog Post: Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release

    Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included...
  • Blog Post: Advance Notification Service for the January 2014 Security Bulletin Release

    Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in Security...
  • Blog Post: May 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    For those who couldn’t attend the live webcast, today we’re publishing the May 2013 Security Bulletin Webcast Questions & Answers page . We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer ( MS13-037 and...
  • Blog Post: MS13-008 Released for Security Advisory 2794220

    Today, we released MS13-008 to address the issue described in Security Advisory 2794220 . We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled...
  • Blog Post: January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 17 questions focusing on Security Update MS13-088 , and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are...
  • Blog Post: 10 years of Update Tuesdays

    On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update . We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear and...
  • Blog Post: Advance Notification Service for the May 2013 Security Bulletin Release

    Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 33 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer...
  • Blog Post: August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing...
  • Blog Post: August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page . We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server ( MS13-061 ) and Windows Kernel ( MS13-063 ). There were 3 additional...
  • Blog Post: October 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page . We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint ( MS13-084 ) and Kernel-Mode Drivers ( MS13-081 ) bulletins. There was one additional...
  • Blog Post: September 2012 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

    Hello. Today we’re publishing the September 2012 Security Bulletin Out-of-Band Webcast Questions & Answers page . During the webcast, we fielded 19 questions. Those were focused on MS12-063 , the out-of-band cumulative release for Internet Explorer, and Security Advisory 2755801 , which...
  • Blog Post: June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page . We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler ( MS13-050 ), Microsoft Office ( MS13-051 ), and the security advisory addressing digital...
  • Blog Post: Leaving Las Vegas and the August 2013 security updates

    Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each...
  • Blog Post: Advance Notification Service for the January 2013 Security Bulletin Release

    On behalf of all of us here at Microsoft, I’d like to wish everyone a very happy New Year! With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual. Next Tuesday we’ll release seven bulletins; two Critical and five Important, which address 12 vulnerabilities...
  • Blog Post: Advance Notification Service for October 2013 Security Bulletin Release

    Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update...
  • Blog Post: Microsoft security updates and the Common Vulnerability Reporting Framework

    As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF...
  • Blog Post: A new policy for store apps and the July 2013 security updates

    There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates...
  • Blog Post: Improved cryptography infrastructure and the June 2013 bulletins

    It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but our goal...
  • Blog Post: April 2012 Security Bulletin Webcast and Q&A

    Hello, Today we published the April Security Bulletin Webcast Questions & Answers page , and the slide deck presented in the webcast. We fielded 15 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers...
  • Blog Post: The October 2013 security updates

    This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13...