Skip to main content
MSRC

2011

Assessing the risk of the October 2011 security updates

Tuesday, October 11, 2011

Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-081 (Internet Explorer) Victim browses to a malicious website.

October Update Tuesday: Security Intelligence Report volume 11 announced

Tuesday, October 11, 2011

Hello, On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, SIRv11, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details. A new method of analyzing malware distribution indicates that in the first half of 2011 zero-day issues account for a very small percentage of actual infections.

Advanced Notification for the October 2011 Bulletin Release

Thursday, October 06, 2011

Hello, As we do each month, we’re providing advanced notification on the release of eight security bulletins, two Critical and six Important, to address 23 vulnerabilities across Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server. As usual, the bulletin release is scheduled for the second Tuesday of the month, October 11, at approximately 10 a.

Is SSL broken? – More about Security Bulletin MS12-006 (previously known as Security Advisory 2588513)

Monday, September 26, 2011

On January 10th, Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0. Here we would like to give further information about the technique used to exploit this vulnerability and workaround options Microsoft has released if you discover a compatibility issue after installing the update.

Microsoft releases Security Advisory 2588513

Monday, September 26, 2011

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.