Tuesday, February 09, 2010
MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month.
Thursday, February 04, 2010
Today we released February bulletin information through our Advance Notification Service (ANS). This month, we will be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office. More information about the upcoming security updates can be found on the Advance Notification Service (ANS) webpage.
Wednesday, February 03, 2010
Hi everyone, Today we released Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow Information Disclosure for customers running on Windows XP or who have disabled Internet Explorer Protected Mode. At this time we are not aware of any attacks seeking to use the vulnerability.
Friday, January 22, 2010
Hello everyone, Yesterday Adrian Stone from the Microsoft Security Response Center (MSRC) and I hosted a live webcast to discuss Security Bulletin MS10-002 and Security Advisory 979682 in more detail with customers. Below is the video of that presentation and you can find the question & answer transcript here. We spent over an hour answering customer questions during the webcast.
Friday, January 22, 2010
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: January 2010 Out-of-Band Security Bulletin Date: Thursday, January 21, 2010 Q: I understand the severity for workstaitons. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) do not use IE?
Thursday, January 21, 2010
Hello, Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known attacks that have been widely publicized. For customers using automatic updates, this update will automatically be applied once it is released.
Wednesday, January 20, 2010
Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical.
Wednesday, January 20, 2010
Today we released Security Advisory 979682 to address an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The advisory provides customers with actionable guidance to help with protections against exploit of this vulnerability.
Tuesday, January 19, 2010
We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability. Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.
Monday, January 18, 2010
For today’s update we want to share some insight on the current threat landscape for Security Advisory 979352, some new resources we have published and the current status on producing a security update. As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.
