msrc

June 2017 security update release

Tuesday, June 13, 2017

Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are new, and some are for older platforms under custom support agreements, that we are making publicly available today.

• Microsoft Windows
• Security Advisory
• Security Update Release

Extending Microsoft Edge Bounty Program

Tuesday, May 16, 2017

Over the past 10 months, we’ve paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today we’re extending the end date of the Edge on Windows Insider Preview (WIP) bounty program to June 30, 2017.

• Bug Bounty Programs
• Microsoft Edge

Customer Guidance for WannaCrypt attacks

Saturday, May 13, 2017

Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers.

• Cyberattacks
• Microsoft Windows
• Ransomware
• Security Update
• Wannacry
• Wannacrypt
• Windows

Coming together to address Encapsulated PostScript (EPS) attacks

Tuesday, May 09, 2017

Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the attacks described below. As a best practice to ensure customers have the latest protections, we recommend they upgrade to the most current versions.

• Microsoft Office
• Microsoft Windows
• Security Update
• Update Tuesday

May 2017 security update release

Tuesday, May 09, 2017

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide.

• Security Advisory
• Security Advisory Security Update Update Tuesday
• Security Update
• Update Tuesday

Taking your feedback on the Security Update Guide

Friday, April 21, 2017

The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of the Security Update Guide.

• Security Update Guide

Bountycraft at Nullcon 2017

Thursday, April 20, 2017

Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the broader security community. This is done through a wide range of partnerships and programs including bug bounties to ensure that customers receive the most secure products.

• Bounty Program

Protecting customers and evaluating risk

Saturday, April 15, 2017

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation.

• Shadow Brokers

April 2017 security update release

Tuesday, April 11, 2017

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team

• Security Advisory Security Update Update Tuesday

Announcing the new Bug Bounty Program for Office Insider Builds on Windows

Wednesday, March 15, 2017

We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our continuous internal engineering investments that include designing secure features through threat modeling, security in code reviews, security automation, and internal penetration testing.