Skip to main content
MSRC

2012

Further insight into Security Advisory 2719615

Wednesday, June 13, 2012

During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we’ve built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update.

Read More

MSXML: Fix it before fixing it

Wednesday, June 13, 2012

Yesterday, Microsoft has released Security Advisory 2719615, associated to a vulnerability in Microsoft XML Core Services. We want to share more details about the issue and explain the additional workarounds available to help you protect your computers. Information about the vulnerability A vulnerability exists in Microsoft XML Core Services 3.0, 4.

Read More

Assessing risk for the June 2012 security updates

Tuesday, June 12, 2012

Today we released seven security bulletins. Three have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS12-037(Internet Explorer) Victim browses to a malicious webpage.

Read More

Certificate Trust List update and the June 2012 bulletins

Tuesday, June 12, 2012

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

Read More

Advance Notification Service for June 2012 Security Bulletin Release

Thursday, June 07, 2012

Hello – Today we’re releasing our advance notification for the June security bulletin release, which is scheduled for Tuesday, June 12. This month’s release includes 7 bulletins addressing 25 vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework. All seven bulletins will be released on Tuesday at approximately 10 a.

Read More

Flame malware collision attack explained

Wednesday, June 06, 2012

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Read More