MSRC

Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release

Thursday, November 07, 2013

Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While this release won’t include an update for the issue first described in Security Advisory 2896666, we’d like to tell you a bit more about it.

• Advisory
• ANS
• Internet Explorer (IE)
• Microsoft Office
• Windows

Microsoft Releases Security Advisory 2896666

Tuesday, November 05, 2013

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue.

• Microsoft Office
• Microsoft Windows
• Security Advisory

Introduction: Chris Betz, new head of MSRC

Friday, October 25, 2013

By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center (MSRC). I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing. Since joining the MSRC, I’ve spent time immersed in learning the business, meeting our global team of security research and response professionals and many of the other teams we frequently interact with here at Microsoft.

10 years of Update Tuesdays

Monday, October 14, 2013

On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear and we delivered a predictable schedule.

• Security Bulletins
• Update Tuesday

October 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Sunday, October 13, 2013

Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page. We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint (MS13-084) and Kernel-Mode Drivers (MS13-081) bulletins. There was one additional question that we were unable to answer on air, and we have included a response to that question on the Q&A page.

• Customer Questions
• Security Bulletin Webcast
• Security Bulletins
• Webcast
• Webcast Q&A

An update on the bounty programs

Monday, October 07, 2013

Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty program, which covered the first 30 days of the preview period.

• BlueHat Challenge
• BlueHat Prize
• Bounty Programs

The October 2013 security updates

Monday, October 07, 2013

This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month’s priority releases (click for larger view).

• Bulletins
• Internet Explorer (IE)
• Security
• Security Bulletin
• Security bulletin release
• Security Bulletins
• Security Update
• Update Tuesday

Advance Notification Service for October 2013 Security Bulletin Release

Wednesday, October 02, 2013

Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505.

• ANS
• Bulletins
• Internet Explorer (IE)
• Security
• Security Bulletins

Microsoft Releases Security Advisory 2887505

Tuesday, September 17, 2013

Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type.

• Internet Explorer (IE)
• Security Advisory

September 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, September 13, 2013

Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six questions on air, and those we did not have time for have been included on the Q&A page.

• Bulletins
• Monthly bulletin release
• Q&A
• Security bulletin release
• Security Bulletin Webcast
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Update Tuesday
• Webcast
• Webcast Q&A