Skip to main content
MSRC

msrc

Advance Notification Service for November 2010 Bulletins

Thursday, November 04, 2010

Hello. We’ve issued our Advance Notification Service for the November ’10 security bulletin release. This time around we’re releasing three updates addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One bulletin carries a Critical severity rating; the other two are rated Important. When customers buy Microsoft software, it includes high-quality security updates to be provided via predictable monthly bulletin releases, helping to protect their computing experience over time.

Read More

Microsoft Releases Security Advisory 2458511

Tuesday, November 02, 2010

Hi everyone, Today we released Security Advisory 2458511 to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers. The exploit code was discovered on a single website which is no longer hosting the malicious code.

Read More

Q&A from the October 2010 Security Bulletin Webcast

Monday, October 18, 2010

Hello, Today we published the October 2010 Security Bulleting webcast Questions & Answers page. The October release included 16 security updates, four rated Critical, ten rated Important, and two rated Moderate to address 49 vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Internet Explorer, and Microsoft .NET Framework. We invite our customers to join us for the next public webcast on Wednesday, November 10 @11AM PST when we will go into detail about the November bulletin release and answer questions live on the air.

Read More

October 2010 Security Bulletin Release

Monday, October 11, 2010

Hello - Today, as part of our regular monthly security bulletin release process, we are releasing 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework. This release represents our commitment to provide predictable, high-quality updates as part of the service our customers get when they buy Microsoft products.

Read More

Microsoft Releases MS10-070 to all distribution channels

Thursday, September 30, 2010

Hi everyone - Today we released out-of-band Security Update MS10-070through the remainder of our standard distribution channels, including Windows Update and Windows Server Update Services. We have completed our testing of these channels and confirmed the update can be successfully downloaded. Customers are strongly encouraged to download the Security Update, test it in their environments and deploy it as quickly as possible.

Read More

Q&A from the September 2010 Out-of-Band Security Release webcast

Thursday, September 30, 2010

Hello, Below you will find the webcast we conducted earlier this week as part of the MS10-070 Security Update which was released Out-of-Band. We have also published the questions and answers from that webcast and linked them here. The response for this webcast was amazing; however, due to time constraints, we were unable to answer all of the questions that were asked during the live webcast.

Read More

MS10-070 Released Out-of-Band Today

Tuesday, September 28, 2010

Hello, As we announced yesterday, today we released Security Bulletin MS10-070 out-of-band to address a vulnerability in ASP.NET. The bulletin and the blog by Scott Guthrie, corporate vice president of Microsoft’s .NET Developer Platform are available for more information. This security update addresses a vulnerability affecting all versions of the .

Read More

Out of Band Release to Address Microsoft Security Advisory 2416728

Sunday, September 26, 2010

Hello - Today we provided advance notification to customers that we will release an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728. The update is scheduled for release tomorrow, Tuesday, September 28, 2010 at approximately 10:00 AM PDT. The bulletin has a severity rating of Important and addresses a publicly disclosed vulnerability in ASP.

Read More

Security Advisory 2416728 - Workaround Update

Friday, September 24, 2010

Hi everyone - We’ve updated Microsoft Security Advisory2416728 to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively block requests based on rules defined by the administrator.

Read More