Skip to main content

Month Archives: February 2012

February 2012 Security Bulletin Webcast and Q&A

Friday, February 17, 2012

Hello, Today we published the February Security Bulletin Webcast Questions & Answers page. We fielded ten questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Many of the questions centered on the .Net/Silverlight update MS12-016. Click here to access the slide deck that appears in the webcast.

Assessing risk for the February 2012 security updates

Tuesday, February 14, 2012

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS12-010(Internet Explorer) Victim browses to a malicious website.

MS12-013: More information about the msvcrt.dll issue

Tuesday, February 14, 2012

Today we are shipping a security update to address a Critical-class memory corruption vulnerability in the Microsoft C Run-Time Library (msvcrt.dll) shipped with Windows. We have issued the bulletin with Critical severity because attackers could potentially trigger the vulnerability by luring a victim into browsing to a malicious webpage that launches Windows Media Player, or by opening a malicious file with Windows Media Player.

MS12-014: Indeo, a blast from the past

Tuesday, February 14, 2012

Today, we shipped security update MS12-014 to address an issue in the Indeo codec. With this blog post, we hope to preemptively answer some common questions that are likely to surface as researchers analyze this security update. Indeo: Blast from the Past Indeo is a video codec that was first developed in 1992, long before some of you reading this blog post were born.

MSRC looks back at ten years, and the February 2012 bulletins

Tuesday, February 14, 2012

Ever wondered where Update Tuesday bulletins come from, or what it’s like around Microsoft when a serious information-security situation arises? Or wondered who precisely is responsible for getting your monthly bulletin releases out the door? Update Tuesday, which brings us here today, is one of the most prominent results of that famous Bill Gates memo that put security at the center of Microsoft’s development and support efforts – just over 10 years ago.

ANS for February 2012, and some notes on SDL

Thursday, February 09, 2012

Hello. Today we’re releasing our advance notification for the February security bulletin release, which is scheduled for Tuesday, February 14. This month’s release includes nine bulletins addressing 21 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.