Skip to main content
MSRC

MSRC

Advance Notification Service for the April 2014 Security Bulletin Release

Thursday, April 03, 2014

Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word.

Read More

Microsoft Releases Security Advisory 2953095

Monday, March 24, 2014

Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

Read More

The March 2014 Security Updates

Tuesday, March 11, 2014

This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While that update does warrant your attention, I want to also call out another impactful update.

Read More

Advance Notification Service for the March 2014 Security Bulletin Release

Thursday, March 06, 2014

Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first described in Security Advisory 2934088. While we have seen a limited number of attacks using this issue, they have only targeted Internet Explorer 10.

Read More

Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview

Tuesday, February 25, 2014

I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customers increase the effort attackers must make to compromise a computer system.

Read More

Microsoft Releases Security Advisory 2934088

Wednesday, February 19, 2014

Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser.

Read More

February 2014 Security Bulletin Webcast and Q&A

Friday, February 14, 2014

Today we published the February 2014 Security Bulletin Webcast Questions & Answers page. We answered seven questions on air, with the majority of questions focusing on the MSXML bulletin (MS14-005) and the revision to Security Advisory 2915720. One question that was not answered on air has been included on the Q&A page.

Read More

Safer Internet Day 2014 and Our February 2014 Security Updates

Tuesday, February 11, 2014

In addition to today being the security update release, February 11 is officially Safer Internet Day for 2014. This year, we’re asking folks to Do 1 Thing to stay safer online. While you may expect my “Do 1 Thing” recommendation would be to apply security updates, I’m guessing that for readers of this blog, that request would be redundant.

Read More