Skip to main content
MSRC

2013

Assessing risk for the May 2013 security updates

Tuesday, May 14, 2013

Today we released ten security bulletins addressing 33 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS13-038(Internet Explorer 8) Victim browses to a malicious webpage.

Read More

Microsoft Customer Protections for May 2013

Tuesday, May 14, 2013

Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will be able to clearly identify key security updates within advisories.

Read More

MS13-037 addressing Pwn2own vulnerabilities

Tuesday, May 14, 2013

MS13-037 addresses a number of vulnerabilities in Internet Explorer, several of which were reported to us by the TippingPoint Zero Day Initiative (ZDI) program. We’ve gotten questions from customers about the specific vulnerabilities purchased by ZDI from the CanSecWest pwn2own contest. We’d like to use this blog post to provide more background on the set of vulnerabilities required for an attacker to exploit modern-day browsers and the state of fixes for those specific vulnerabilities.

Read More

Advance Notification Service for the May 2013 Security Bulletin Release

Thursday, May 09, 2013

Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 33 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it.

Read More

EMET 4.0's Certificate Trust Feature

Wednesday, May 08, 2013

Three weeks ago, we released a beta version of EMET 4.0 to get feedback on the new EMET features and to get more real-world testing before the official release. We have been amazed and so grateful for the thousands of downloads and hundreds of emails with feature suggestions, bug reports, questions about the new features, and kind words cheering us on.

Read More

Microsoft "Fix it" available to mitigate Internet Explorer 8 vulnerability

Wednesday, May 08, 2013

Today, we are making available a “Microsoft Fix it” solution to block attacks leveraging the Internet Explorer 8 (IE8) vulnerability described in Security Advisory 2847140. This code-signed, easily downloadable and install-able Fix it package uses the Windows application compatibility toolkit to make a small change at runtime to mshtml.dll every time IE is loaded.

Read More