Thursday, May 12, 2011
Hello, Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.
Tuesday, May 10, 2011
Hello everyone, Pete Voss here again, and as I previously mentioned in the Advanced Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office. MS11-035 is the sole Critical bulletin this month, and we recommend customers prioritize this bulletin.
Thursday, May 05, 2011
Hello everyone, Today we are announcing changes to Microsoft’s Exploitability Index. Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more comprehensive for those who use Microsoft’s latest platforms. The Exploitability Index assesses the likelihood of functional exploit code being developed for a particular vulnerability.
Thursday, May 05, 2011
Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Exploitability Index: a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of this month, we are making some changes to the rating system to make vulnerability assessment more clear and digestible for customers.
Tuesday, April 19, 2011
Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called “Coordinated Vulnerability Disclosure” (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way that minimizes risk and disruption for customers.
Thursday, April 14, 2011
Hello, Today we published the April Security Bulletin Webcast Questions & Answers page. We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.
Tuesday, April 12, 2011
Hello again everyone, Pete Voss here, and as I previously mentioned in the Advanced Notification blog on Thursday, today we are releasing 17 security bulletins, nine of which are Critical, and eight rated Important. These bulletins will increase protection by addressing 64 unique vulnerabilities in the following Microsoft products: Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, SMB, .
Thursday, April 07, 2011
Hello everyone, My name is Pete Voss, and I’m a senior response communications manager with Microsoft Trustworthy Computing. I’ll be joining the rest of the team on the MSRC blog and @MSFTSecResponse Twitter handle to help provide you with the latest information and guidance for Microsoft security. Today, we’re providing advanced notification on the release of 17 security bulletins, nine rated Critical and eight rated Important.
Monday, April 04, 2011
Hi all – We’re pleased to announce the release of the new Microsoft Security Update Guide, Second Edition. Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your organization’s IT environment.
Wednesday, March 23, 2011
Hello - Today we’re releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users.
