Microsoft Security Response Center

The Microsoft Security Response Center (MSRC) identifies, monitors, responds to and resolves security incidents and vulnerabilities in Microsoft software.

Microsoft Security Response Center

  • February 2015 Updates

    Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in ....

  • Advance Notification Service for the November 2014 Security Bulletin Release

    Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). As per our monthly process, we've...
  • March 2015 Updates

    Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer ....

  • Security Advisory 3010060 released

    Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the "Suggested...
  • October 2014 Updates

    Today, as part of Update Tuesday, we released eight security updates – three rated Critical and five rated Important - to address 24 Common Vulnerabilities & Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize deployment planning, we recommend focusing on the Critical updates first. Here’s an overview slide and video of the security updates released today...
  • Security Advisory 3046015 released

    Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys).

    Our investigation continues and we’ll take the necessary steps to protect our customers.

    MSRC Team

  • April 2015 Updates

    Today, as part of Update Tuesday, we released 11 security bulletins ....

  • Microsoft releases Security Advisory 2963983

    Today, we released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet...
  • Microsoft Bounty Programs Expansion – Azure and Project Spartan

    I am excited to announce significant expansions to the Microsoft Bounty Programs.  We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty ....

  • Advance Notification Service for the October 2014 Security Bulletin Release

    Today, we provide advance notification for the release of nine Security Bulletins. Three of these updates are rated Critical, five are rated as Important, and one is rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer,  Office, .NET Framework, and ASP.NET...