MSRC

  • The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries

    It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work together. While it’s true that it is difficult to defend against an adversary that targets a single victim, this isn’t the way most malicious actors work. It is easier and cheaper for malicious...
  • Meet myBulletins: an online security bulletin customization service

    Microsoft is committed to promoting a safer, more trusted Internet and providing monthly security updates is one of the ways our customers keep their devices and connections to the Internet more secure. Packaging updates together into a monthly bulletin cycle stems from customer feedback and offers a predictable way to help protect them against newly discovered threats. Today, we are excited to introduce myBulletins , a new online security bulletin customization service. We’ve also created...
  • April 2014 Security Bulletin Webcast and Q&A

    Today we published the April 2013 Security Bulletin Webcast Questions & Answers page . We answered 13 questions in total, with the majority focusing on the update for Internet Explorer ( MS14-018 ) and the Windows 8.1 Update ( KB2919355 ). Two questions that were not answered on air have been included on the Q&A page. Here is the video replay. For those of you following the ongoing investigation around the industry-wide issue known as “Heartbleed,” please refer to this...
  • March 2014 Security Bulletin Webcast and Q&A

    Today we published the March 2014 Security Bulletin Webcast Questions & Answers page . We answered eight questions in total, with the majority focusing on the updates for Windows ( MS14-016 ) and Internet Explorer ( MS14-012 ). One question that was not answered on air has been included on the Q&A page. Here is the video replay. We invite you to join us for the next scheduled webcast on Wednesday, April 9, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the April...
  • Microsoft Releases Security Advisory 2934088

    Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. As part of the security advisory, we...
  • Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release

    Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included in tomorrow’s release. This brings the total for Tuesday’s release to seven bulletins, four Critical. Please review the ANS summary page for updated information to help customers...
  • A Look Into the Future and the January 2014 Bulletin Release

    In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, “Prediction is very difficult, especially if it’s about the future.” However, I can say without a doubt that change is afoot in 2014. In February, usage of the MD5 hash algorithm in certificates will be restricted, as first discussed in Security Advisory 2862973 , and the update goes out through Microsoft Update on the 11th...
  • Advance Notification Service for the March 2014 Security Bulletin Release

    Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first described in Security Advisory 2934088 . While we have seen a limited number of attacks using this issue, they have only targeted Internet Explorer 10. Customers using other versions of Internet Explorer...
  • Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the December 2013 Security Bulletin Webcast Questions & Answers page . We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin ( MS13-096 ), Security Advisory 2915720 and Security Advisory 2905247 . We also wanted to note a new blog on the Microsoft Security Blog site on the top cyber threat predications for 2014. Topics from ransomware to regulation are covered by seven of Trustworthy Computing’s top...
  • The May 2014 Security Updates

    Today, we released eight security bulletins – two rated Critical and six rated Important – to address 13 Common Vulnerability & Exposures (CVEs) in .NET Framework, Office, SharePoint, Internet Explorer, and Windows. We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on MS14-024 , MS14-025 and MS14-029 . We also have some new security advisories releasing today. Security Advisory 2871997 provides...