MSRC

Security Advisory 2982792 released, Certificate Trust List updated

Thursday, July 10, 2014

Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action.

Read More

• Advisory
• Security Advisory

July 2014 Security Bulletin Release

Tuesday, July 08, 2014

Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defense – always a good thing to have, be it on the pitch or on your system.

Read More

• Internet Explorer (IE)
• Microsoft Windows
• Security Advisory
• Security Bulletin

Advance Notification Service for the July 2014 Security Bulletin Release

Thursday, July 03, 2014

Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer. This month we will also premier the new format for our Security Bulletin Webcast, scheduled on Wednesday, July 9, at 11 a.

Read More

• ANS
• Internet Explorer (IE)
• Microsoft Windows

Driving a Collectively Stronger Security Community with Microsoft Interflow

Monday, June 23, 2014

Today, Microsoft is pleased to announce the private preview of Microsoft Interflow, a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time.

Read More

• Announcements
• Interflow

Microsoft releases Security Advisory 2974294

Tuesday, June 17, 2014

Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. Updates for the Microsoft Malware Protection Engine are sent through security advisories as there is typically no action required to install the update.

Read More

• Malware Protection Engine
• Security Advisory

June 2014 Security Bulletin Webcast and Q&A

Friday, June 13, 2014

Today we published the June 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered six questions on air, with the majority focusing on the updates for TCP and Internet Explorer. The transcript also includes a question we did not have time to answer on the air.

Read More

• Bulletin Webcast
• Internet Explorer (IE)
• Microsoft Windows
• Security Bulletin Webcast

Theoretical Thinking and the June 2014 Bulletin Release

Tuesday, June 10, 2014

As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing for security professionals to do.

Read More

• Internet Explorer (IE)
• Microsoft Office
• Microsoft Windows
• Monthly bulletin release
• Security Bulletins
• Security Update

Advance Notification Service for the June 2014 Security Bulletin Release

Thursday, June 05, 2014

Today we provide advance notification for the release of seven Bulletins, two rated Critical and five rated Important in severity. These Updates are for Microsoft Windows, Microsoft Office and Internet Explorer. The Update for Internet Explorer addresses CVE-2014-1770, which we have not seen used in any active attacks. Also, in case you missed it, last month we released Security Advisory 2871997 to further enhance credentials management and protections on Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012.

Read More

• ANS
• Internet Explorer (IE)
• Microsoft Windows
• Monthly bulletin release

Meet myBulletins: an online security bulletin customization service

Wednesday, May 28, 2014

Microsoft is committed to promoting a safer, more trusted Internet and providing monthly security updates is one of the ways our customers keep their devices and connections to the Internet more secure. Packaging updates together into a monthly bulletin cycle stems from customer feedback and offers a predictable way to help protect them against newly discovered threats.

Read More

• Announcements

May 2014 Security Bulletin Webcast and Q&A

Friday, May 16, 2014

Today we published the May 2014 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority focusing on the update for SharePoint (MS14-022), Group Policy (MS14-025) and Internet Explorer (MS14-029). Here is the video replay: We invite you to join us for the next scheduled webcast on Wednesday, June 11, 2014, at 11 a.

Read More

• Bulletin Webcast
• Internet Explorer (IE)
• Microsoft Office
• Microsoft Windows
• Security Bulletin Webcast