SECURITY

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context. We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information [ more… ]

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange. We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here. We re-released two Security Bulletins: MS14-065 Cumulative Security Update for Internet Explorer MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution  One Security Advisory was revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801).  For the latest information, you can follow the MSRC team [ more… ]

Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange. As per our monthly process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment. Follow us on Twitter at @MSFTSecResponse Tracey Pretorius, Director Response Communications Source: ms-msrc

Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions of Windows Server and includes a defense-in-depth update for all supported versions of Windows. We strongly encourage customers to apply this update as soon as possible by following the directions in Security Bulletin MS14-068. Tracey Pretorius, Director Response Communications Source: ms-msrc

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows. We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin. More information about this bulletin can be found at Microsoft’s Bulletin Summary page. Tracey Pretorius, Director Response Communications Source: ms-msrc