MSRC

Monthly Security Bulletin Webcast Q&A - February 2010

Thursday, February 11, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: February 2010 Security Bulletin Release Date: Wednesday, February 10, 2010 Q: MS10-003 supersedes MS09-062 which was released for Windows in addition to Office. Does MS10-003 supersede only the Office XP components of MS09-062 or does it supersede all of MS09-062?

• Pages
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Webcast Q&A

Restart issues after installing MS10-015

Thursday, February 11, 2010

Hi everyone, I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software.

• Microsoft Windows
• Security Bulletin
• Security Update
• Workarounds

February 2010 Security Bulletin Release

Tuesday, February 09, 2010

MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month.

• ActiveX
• Attack Vector
• Exploitability
• Exploitability Index
• Killbit
• Microsoft Office
• Microsoft Windows
• Mitigations
• Security Bulletin
• Security Update
• Security Update Webcast
• Video

February 2010 Bulletin Release Advance Notification

Thursday, February 04, 2010

Today we released February bulletin information through our Advance Notification Service (ANS). This month, we will be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office. More information about the upcoming security updates can be found on the Advance Notification Service (ANS) webpage.

• Microsoft Office
• Microsoft Windows
• Security Bulletin
• Security Update

Security Advisory 980088 Released

Wednesday, February 03, 2010

Hi everyone, Today we released Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow Information Disclosure for customers running on Windows XP or who have disabled Internet Explorer Protected Mode. At this time we are not aware of any attacks seeking to use the vulnerability.

January 2010 Out-of-Band Security Bulletin Webcast

Friday, January 22, 2010

Hello everyone, Yesterday Adrian Stone from the Microsoft Security Response Center (MSRC) and I hosted a live webcast to discuss Security Bulletin MS10-002 and Security Advisory 979682 in more detail with customers. Below is the video of that presentation and you can find the question & answer transcript here. We spent over an hour answering customer questions during the webcast.

Out-of-Band Security Bulletin Webcast Q&A - January 21, 2010

Friday, January 22, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: January 2010 Out-of-Band Security Bulletin Date: Thursday, January 21, 2010 Q: I understand the severity for workstaitons. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) do not use IE?

• Attack
• Defense-in-depth
• Exploitability
• Internet Explorer (IE)
• Microsoft Active Protections Program (MAPP)
• Microsoft Windows
• Pages
• Security Advisory
• Security Bulletin
• Security Update
• Security Update Webcast Q & A
• Webcast Q&A
• Zero-Day Exploit

Bulletin MS10-002 Released

Thursday, January 21, 2010

Hello, Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known attacks that have been widely publicized. For customers using automatic updates, this update will automatically be applied once it is released.

Advance Notification for Out-of-Band Bulletin Release

Wednesday, January 20, 2010

Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical.

Security Advisory 979682 Released

Wednesday, January 20, 2010

Today we released Security Advisory 979682 to address an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The advisory provides customers with actionable guidance to help with protections against exploit of this vulnerability.