MSRC

  • July 2014 Security Bulletin Webcast and Q&A

    Today we published the July 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered eight questions on air, with the majority focusing on the update for Internet Explorer . The transcript also includes a question we did not have time to answer on the air. Here is the video replay: We invite you to join us for the next scheduled webcast on Wednesday, August 13, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the August bulletin...
  • Security Advisory 2982792 released, Certificate Trust List updated

    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server 2003...
  • July 2014 Security Bulletin Release

    Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defense – always a good thing to have, be it on the pitch or on your system. This month’s release includes six new security bulletins, addressing 29 Common Vulnerability and Exposures (CVEs...
  • Advance Notification Service for the July 2014 Security Bulletin Release

    Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer. This month we will also premier the new format for our Security Bulletin Webcast, scheduled on Wednesday, July 9, at 11 a.m. PDT. Registration, downloading the Live Meeting client, and dialing in to a separate number will no longer be required. You can...
  • Driving a Collectively Stronger Security Community with Microsoft Interflow

    Today, Microsoft is pleased to announce the private preview of Microsoft Interflow , a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time. The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost...
  • Microsoft releases Security Advisory 2974294

    Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. Updates for the Microsoft Malware Protection Engine are sent through security advisories as there is typically no action required to install the update. This is due to the fact...
  • June 2014 Security Bulletin Webcast and Q&A

    Today we published the June 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered six questions on air, with the majority focusing on the updates for TCP and Internet Explorer . The transcript also includes a question we did not have time to answer on the air. Here is the video replay: We invite you to join us for the next scheduled webcast on Wednesday, July 9, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the July bulletin...
  • Theoretical Thinking and the June 2014 Bulletin Release

    As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing for security professionals to do. We need to be prepared for when, not if, these disruptive events occur. However, every now and then, it can be productive to draw ourselves out of this hypothetical...
  • Advance Notification Service for the June 2014 Security Bulletin Release

    Today we provide advance notification for the release of seven Bulletins, two rated Critical and five rated Important in severity. These Updates are for Microsoft Windows, Microsoft Office and Internet Explorer. The Update for Internet Explorer addresses CVE-2014-1770 , which we have not seen used in any active attacks. Also, in case you missed it, last month we released Security Advisory 2871997 to further enhance credentials management and protections on Windows 7, Windows 8, Windows Server...
  • Meet myBulletins: an online security bulletin customization service

    Microsoft is committed to promoting a safer, more trusted Internet and providing monthly security updates is one of the ways our customers keep their devices and connections to the Internet more secure. Packaging updates together into a monthly bulletin cycle stems from customer feedback and offers a predictable way to help protect them against newly discovered threats. Today, we are excited to introduce myBulletins , a new online security bulletin customization service. We’ve also created...