Microsoft Windows | Microsoft Security Response Center

February 2011 Security Bulletin Release

Tuesday, February 08, 2011

Hello all – Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for priority deployment: o MS11-003. This bulletin resolves three critical-level and moderate-level vulnerabilities affecting all versions of Internet Explorer.

Microsoft releases Security Advisory 2501696

Friday, January 28, 2011

Hello. Today we’re releasing Security Advisory 2501696, which describes a publicly disclosed scripting vulnerability affecting all versions of Microsoft Windows. The main impact of the vulnerability is unintended information disclosure. We’re aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven’t seen any indications of active exploitation.

December 2010 Security Bulletin Release

Tuesday, December 14, 2010

Hi everyone. As part of our usual cycle of monthly security updates, today Microsoft is releasing 17 bulletins addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange. Two of those bulletins carry a Critical rating, while 14 are rated Important and one is rated Moderate. We’ve assigned our highest deployment priority to the two Critical bulletins, though we recommend that customers deploy all updates as soon as possible.

September 2010 Security Bulletin Release

Monday, September 13, 2010

Hi everyone, With this month’s bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem. In July of this year, the Stuxnet malware emerged onto the threat landscape and resulted in the release of an out-of-band security update, MS10-046, to address a zero-day vulnerability the malware used to compromise systems.

Update on the publicly disclosed Win32k.sys EoP Vulnerability

Tuesday, August 10, 2010

Hi everyone, Yesterday we tweeted to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time. Today we have more information, as well as a planned course of action.

Microsoft Windows

Out of Band Release to address Microsoft Security Advisory 2286198

Thursday, July 29, 2010

Today we’re announcing plans to release a security update to address the vulnerability discussed in Security Advisory 2286198 on Monday, August 2, 2010 at or around 10 AM PDT. We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers.

Security Advisory 2286198 Updated

Tuesday, July 20, 2010

We’ve just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated “Fix It” available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running the “Fix It” can help prevent attacks attempting to exploit this vulnerability.

July 2010 Security Bulletin Release

Tuesday, July 13, 2010

Hi everyone. As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office. MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003.

July 2010 Bulletin Release Advance Notification

Thursday, July 08, 2010

Hi everyone. Today we’re releasing our advance notification for the July security bulletin release, which is scheduled for Tuesday, July 13. This month’s release includes four bulletins addressing five vulnerabilities. Two bulletins, both with a severity rating of Critical, affect Windows. Two of the bulletins affect Microsoft Office; of those, one carries a Critical severity rating and one is rated Important.

Security Advisory 2219475 Released

Thursday, June 10, 2010

Hello - We have released Security Advisory 2219475, addressing the vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. We are not aware of any active attacks at this time. Customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack.