Skip to main content

Month Archives: April 2011

Coordinated Vulnerability Disclosure Reloaded

Tuesday, April 19, 2011

Today on the MSRC Blog, Matt Thomlinson announced three new efforts to provide more transparency into Microsoft’s vulnerability disclosure process. These included a Coordinated Vulnerability Disclosure (CVD) at Microsoft procedures document, the first release of MSVR Advisories on vulnerabilities that were discovered by Microsoft and fixed by affected vendors, and an internal employee disclosure policy.

Coordinated Vulnerability Disclosure: From Philosophy to Practice

Tuesday, April 19, 2011

Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called “Coordinated Vulnerability Disclosure” (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way that minimizes risk and disruption for customers.

Q&A from April 2011 Security Bulletin Webcast

Thursday, April 14, 2011

Hello, Today we published the April Security Bulletin Webcast Questions & Answers page. We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

April 2011 Security Bulletin Release

Tuesday, April 12, 2011

Hello again everyone, Pete Voss here, and as I previously mentioned in the Advanced Notification blog on Thursday, today we are releasing 17 security bulletins, nine of which are Critical, and eight rated Important. These bulletins will increase protection by addressing 64 unique vulnerabilities in the following Microsoft products: Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .