ms-msrc

Today, as part of Update Tuesday, we released 13 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including a detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We also released one new Security Advisory: Update to Default Cipher Suite Priority Order (3042058) One Security Advisory was revised: Update for Adobe Flash Player in Internet Explorer (2755801) For the latest information, you can follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse. MSRC Team Source: ms-msrc

I am excited to announce significant expansions to the Microsoft Bounty Programs.  We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty. This continued evolution includes additions to the Online Services Bug Bounty Program:  Azure Azure is Microsoft’s cloud platform and the backbone of Microsoft cloud services. This program will include a number of Azure services, such as: Azure virtual machines, Azure Cloud Services, Azure Storage, Azure Active Directory and much more Sway.com Sway.com is a web application that lets users express ideas in an entirely new way across many devices and platforms Raising the maximum payout for the Online Services Bounty Program We will pay up to $15,000 USD for critical bugs, as always, more for more impactful and better documented bugs. We’re also launching a new bounty [ more… ]

Today, as part of Update Tuesday, we released 11 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We released one new Security Advisory: Update to Improve PKU2U Authentication (3045755) One Security Advisory was revised: SSL 3.0 Update (3009008) For the latest information, you can follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse. MSRC Team Source: ms-msrc

Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each Common Vulnerabilities and Exposures (CVE), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We released one new Security Advisory: Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2 (3033929) Two Security Advisories were revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) Vulnerability in Schannel Could Allow Security Feature Bypass (3046015) For the latest information, you can follow the Microsoft Security Response [ more… ]

Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys). Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team Source: ms-msrc