Skip to main content
MSRC

2011

Additional Fixes in Microsoft Security Bulletins

Monday, February 14, 2011

From time to time we receive questions regarding fixes not documented in security bulletins. Some call these “silent fixes.” We hope this blog post answers those questions and helps clarify Microsoft’s process in fixing and documenting all vulnerabilities and addressing internally discovered variants. It’s important to remember the following: As part of Microsoft’s comprehensive security update process, Microsoft will address variants of reported issues.

Read More

Q&A from the February 2011 Security Bulletin Webcast

Thursday, February 10, 2011

Hello, Today we published the February Security Bulletin Webcast Questions & Answers page. We fielded 12 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, March 9th at 11am PST (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

Read More

Assessing the risk of the February security updates

Tuesday, February 08, 2011

Today we released twelve security bulletins. Three have a maximum severity rating of Critical and nine have a maximum severity rating of Important. This release addresses three publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-003(IE) Victim browses to a malicious webpage.

Read More

Deeper insight into the Security Advisory 967940 update

Tuesday, February 08, 2011

Hi! I’m Adam Shostack, a program manager working in TWC Security, and I’d like to talk a bit about today’s AutoRun update. Normally, I post over on the SDL blog, but of late I’ve been doing a lot of work in classifying and quantifying how Windows computers get compromised. One thing that popped from that analysis was the proportion of infected machines with malware that uses Autorun to propagate.

Read More

February 2011 Security Bulletin Release

Tuesday, February 08, 2011

Hello all – Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for priority deployment: o MS11-003. This bulletin resolves three critical-level and moderate-level vulnerabilities affecting all versions of Internet Explorer.

Read More