ms-msrc

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software.  We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We re-released one Security Bulletin: MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution One new Security Advisory was released: Update for Windows Command Line Auditing (3004375). One Security Advisory was revised: Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008). We also [ more… ]

Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows. We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here. We re-released one Security Bulletin: MS14-080 Cumulative Security Update for Internet Explorer One Security Advisory was revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse. MSRC Team Source: ms-msrc

For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere.  Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and services people have come to depend on and trust. Just as malicious acts are planned, so too are counter-measures implemented by companies like Microsoft. These efforts aim to protect everyone against a broad spectrum of activity ranging from phishing scams that focus on socially engineered trickery, to sophisticated attacks by persistent and determined adversaries. (And yes, people have a role to play – strong passwords, good policies and practices, keeping current to the best of your ability, detection and response, etc. But we’ll save those topics for another day).      With all that is [ more… ]

Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context. We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information [ more… ]

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange. We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here. We re-released two Security Bulletins: MS14-065 Cumulative Security Update for Internet Explorer MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution  One Security Advisory was revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801).  For the latest information, you can follow the MSRC team [ more… ]