MSRC

  • May 2014 Security Bulletin Webcast and Q&A

    Today we published the May 2014 Security Bulletin Webcast Questions & Answers page . We answered 17 questions in total, with the majority focusing on the update for SharePoint ( MS14-022 ), Group Policy ( MS14-025 ) and Internet Explorer ( MS14-029 ). Here is the video replay: We invite you to join us for the next scheduled webcast on Wednesday, June 11, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the June bulletin release and answer your bulletin deployment questions...
  • The May 2014 Security Updates

    Today, we released eight security bulletins – two rated Critical and six rated Important – to address 13 Common Vulnerability & Exposures (CVEs) in .NET Framework, Office, SharePoint, Internet Explorer, and Windows. We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on MS14-024 , MS14-025 and MS14-029 . We also have some new security advisories releasing today. Security Advisory 2871997 provides...
  • Advance Notification Service for the May 2014 Security Bulletin Release

    Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we’ve scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief video...
  • Security Update Released to Address Recent Internet Explorer Vulnerability

    Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983 . This security update addresses every version of Internet Explorer. While we’ve seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take any action as protections will be downloaded and installed automatically. If you’re...
  • Out-of-Band Release to Address Microsoft Security Advisory 2963983

    At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. If you’re unsure if you have automatic updates, or you...
  • Microsoft releases Security Advisory 2963983

    Today, we released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet...
  • April 2014 Security Bulletin Webcast and Q&A

    Today we published the April 2013 Security Bulletin Webcast Questions & Answers page . We answered 13 questions in total, with the majority focusing on the update for Internet Explorer ( MS14-018 ) and the Windows 8.1 Update ( KB2919355 ). Two questions that were not answered on air have been included on the Q&A page. Here is the video replay. For those of you following the ongoing investigation around the industry-wide issue known as “Heartbleed,” please refer to this...
  • The April 2014 Security Updates

    T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates . Today, we release four bulletins to address 11 CVEs in Microsoft Windows, Internet Explorer and Microsoft Office. The update for Microsoft Word addresses the issues described in Microsoft Security Advisory 2953095 . For those who prioritize,...
  • Advance Notification Service for the April 2014 Security Bulletin Release

    Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095 . This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word. Once the security update is applied, you should disable...
  • The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

    It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together. While it’s true that it is difficult to defend against an adversary that targets a single victim, this isn’t the way most malicious actors work. It is easier and cheaper for malicious...