MSRC

  • The March 2014 Security Updates

    This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While that update does warrant your attention, I want to also call out another impactful update. MS14-014 provides an update to address a security feature bypass in Silverlight. The issue wasn’t publicly...
  • Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview

    I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customers increase the effort attackers must make to compromise a computer system. I’m happy to announce the public release of the EMET 5.0 Technical Preview today from the RSA exhibit hall...
  • April 2014 Security Bulletin Webcast and Q&A

    Today we published the April 2013 Security Bulletin Webcast Questions & Answers page. We answered 13 questions in total, with the majority focusing on the update for Internet Explorer (MS14-018) and the Windows 8.1 Update (KB2919355). Two questions that were not answered on air have been included on the Q&A page. Here is the video replay. For those of you following the ongoing investigation around the industry-wide issue known as “Heartbleed,” please refer to this...
  • The May 2014 Security Updates

    Today, we released eight security bulletins – two rated Critical and six rated Important – to address 13 Common Vulnerability & Exposures (CVEs) in .NET Framework, Office, SharePoint, Internet Explorer, and Windows. We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on MS14-024, MS14-025 and MS14-029. We also have some new security advisories releasing today. Security Advisory 2871997 provides...
  • The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

    It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together. While it’s true that it is difficult to defend against an adversary that targets a single victim, this isn’t the way most malicious actors work. It is easier and cheaper for malicious...
  • Advance Notification Service for the May 2014 Security Bulletin Release

    Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we’ve scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief video...
  • Security Advisory 3009008 revised

    Today, we revised Security Advisory 3009008 to provide an easy, one-click Fix it for customers to disable SSL 3.0 in all supported versions of Internet Explorer (IE). We are committed to helping protect our customers and providing the best possible encryption to protect their data. To do this, we’re working to disable fallback to SSL 3.0 in IE, and disable SSL 3.0 by default in IE, and across Microsoft online services, over the coming months. Millions of people and thousands of organizations...
  • March 2014 Security Bulletin Webcast and Q&A

    Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows (MS14-016) and Internet Explorer (MS14-012). One question that was not answered on air has been included on the Q&A page. Here is the video replay. We invite you to join us for the next scheduled webcast on Wednesday, April 9, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the April...
  • Microsoft Releases Security Advisory 2934088

    Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. As part of the security advisory, we...
  • Security Bulletin MS14-045 rereleased

    Every month for many years, we’ve released a number of updates focused on the continuous improvement of customers’ experiences with our technology. Historically, these updates happened at different times during the month, with the security-specific ones occurring on the second Tuesday of each month. Recently, to further streamline, we decided to include more of our non-security updates together with our security updates and begin the global release to customers on the second Tuesday of each month...