Tuesday, April 19, 2011
Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called “Coordinated Vulnerability Disclosure” (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way that minimizes risk and disruption for customers.
Thursday, April 14, 2011
Hello, Today we published the April Security Bulletin Webcast Questions & Answers page. We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.
Wednesday, April 13, 2011
一部のお客様から 4/13 に提供開始した MS11-022 (KB2464588) の PowerPoint 2003 用のセキュリティ更新プログラムを適用後、PowerPoin
Wednesday, April 13, 2011
皆さん、今月のセキュリティ更新プログラムは、もう適用済みでしょうか? 4 月 13 日に公開したセキュリティ ア
Tuesday, April 12, 2011
先週の事前通知でお伝えした通り、セキュリティ情報 計 17 件 (緊急 9 件、重要 8 件) を公開しました。また、2
Tuesday, April 12, 2011
皆さん、こんにちは!今月のマイクロソフトワンポイントセキュリティ情報担当者です。 先ほど 4 月のワンポイ
Tuesday, April 12, 2011
Hello again everyone, Pete Voss here, and as I previously mentioned in the Advanced Notification blog on Thursday, today we are releasing 17 security bulletins, nine of which are Critical, and eight rated Important. These bulletins will increase protection by addressing 64 unique vulnerabilities in the following Microsoft products: Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .
Tuesday, April 12, 2011
Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS11-018(IE) Victim browses to a malicious webpage.
Tuesday, April 12, 2011
Today Microsoft released MS11-018 addressing one of the three vulnerabilities that were used to win the Pwn2Own contest last month at CanSecWest 2011. It took three vulnerabilities to successfully compromise IE8 and meet all the requirements of the organizers. The vulnerability we are fixing today, a use-after-free which does not affect IE9, was the primary vulnerability used to gain code execution.
Tuesday, April 12, 2011
This month we released updates for the SMB client and server components (MS11-019 and MS11-020 respectively). These bulletins address three externally-reported issues, but also include fixes for several issues that Microsoft identified internally. This blog post provides background on these issues and the work done internally at Microsoft to improve SMB security.
